<!DOCTYPE html>
<html lang=zh>
<head>
  <meta charset="utf-8">
  
  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
  <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, minimum-scale=1, user-scalable=no, minimal-ui">
  <meta name="renderer" content="webkit">
  <meta http-equiv="Cache-Control" content="no-transform" />
  <meta http-equiv="Cache-Control" content="no-siteapp" />
  <meta name="apple-mobile-web-app-capable" content="yes">
  <meta name="apple-mobile-web-app-status-bar-style" content="black">
  <meta name="format-detection" content="telephone=no,email=no,adress=no">
  <!-- Color theme for statusbar -->
  <meta name="theme-color" content="#000000" />
  <!-- 强制页面在当前窗口以独立页面显示,防止别人在框架里调用页面 -->
  <meta http-equiv="window-target" content="_top" />
  
  
  <title>OpenStack-T版搭建笔记 | 耀的个人站</title>
  <meta name="description" content="OpenStack-T版搭建笔记概览OpenStack 项目是一个开源的云计算平台，支持所有类型的云环境。该项目的目标是简单的实现，大规模的可扩展性，以及丰富的功能集。来自世界各地的云计算专家为该项目做出了贡献。 OpenStack 通过各种互补的服务提供了一种基础设施即服务(IaaS)解决方案。每个服务都提供了一个应用程序编程接口(API) ，以促进这种集成。根据您的需要，您可以安装部分或全部服">
<meta property="og:type" content="article">
<meta property="og:title" content="OpenStack-T版搭建笔记">
<meta property="og:url" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/index.html">
<meta property="og:site_name" content="耀的个人站">
<meta property="og:description" content="OpenStack-T版搭建笔记概览OpenStack 项目是一个开源的云计算平台，支持所有类型的云环境。该项目的目标是简单的实现，大规模的可扩展性，以及丰富的功能集。来自世界各地的云计算专家为该项目做出了贡献。 OpenStack 通过各种互补的服务提供了一种基础设施即服务(IaaS)解决方案。每个服务都提供了一个应用程序编程接口(API) ，以促进这种集成。根据您的需要，您可以安装部分或全部服">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211227175108208.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211227180212669.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211225191147010.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211225193154146.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211225203232893.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211221222944980.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211221223000275.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211220220657280.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211220220949588.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211220235237267.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211220235540289.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211221000151695.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211221220650498.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211221221028972.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211221221724388.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211221222153900.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211221222250749.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211220225621315.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211221001221270.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211221000130660.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211222011150129.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223203544589.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211222011443038.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211222143044080.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223142118039.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223142211513.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223142307237.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223142810955.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223142841853.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223143232539.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223143730199.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223144714231.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223144927050.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223145521392.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223145702866.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223225405794.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223225604348.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223225806579.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223225927147.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223230041836.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223230700554.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223230938217.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223224759898.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223231300228.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223231339920.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211225174550470.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211225182248840.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211225182956725.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211225183328021.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211225185151784.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211225183447370.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211225184832138.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211226155055340.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211226155310036.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211226161733637.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211230093447265.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211230112252216.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211226163807331.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211226164101747.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211226164802177.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228101940489.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228104009222.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228151823784.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228165304310.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228165745448.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211230112548717.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228222522675.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228222716292.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228222916164.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228224401961.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228224518070.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228231216824.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228234518358.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228234641301.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228234807924.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228235021626.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228235229548.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228235636340.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228235717077.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211229004353260.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211229004913215.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211229005405699.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211229005749298.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211229224627614.png">
<meta property="og:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211229231834291.png">
<meta property="article:published_time" content="2021-12-30T23:33:07.000Z">
<meta property="article:modified_time" content="2021-12-30T13:33:16.271Z">
<meta property="article:author" content="zhaoyao">
<meta property="article:tag" content="OpenStack">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211227175108208.png">
  <!-- Canonical links -->
  <link rel="canonical" href="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/index.html">
  
    <link rel="alternate" href="/atom.xml" title="耀的个人站" type="application/atom+xml">
  
  
    <link rel="icon" href="/favicon.png" type="image/x-icon">
  
  
<link rel="stylesheet" href="/css/style.css">

  
  
  
    <link href="//cdn.jsdelivr.net/npm/@fancyapps/fancybox@3.3.5/dist/jquery.fancybox.min.css" rel="stylesheet">
  
  
    <link rel="stylesheet" href="//cdn.jsdelivr.net/npm/gitalk@1.4.0/dist/gitalk.min.css">
  
<meta name="generator" content="Hexo 5.4.0"></head>


<body class="main-center theme-blue" itemscope itemtype="http://schema.org/WebPage">
  <header class="header" itemscope itemtype="http://schema.org/WPHeader">
  <div class="slimContent">
    <div class="navbar-header">
      
      
      <div class="profile-block text-center">
        <a id="avatar" href="https://github.com/geiao223" target="_blank">
          <img class="img-circle img-rotate" src="/images/avatar.jpg" width="200" height="200">
        </a>
        <h2 id="name" class="hidden-xs hidden-sm">耀</h2>
        <h3 id="title" class="hidden-xs hidden-sm hidden-md">GIS Developer</h3>
        <small id="location" class="text-muted hidden-xs hidden-sm"><i class="icon icon-map-marker"></i> nanjing, China</small>
      </div>
      
      <div class="search" id="search-form-wrap">

    <form class="search-form sidebar-form">
        <div class="input-group">
            <input type="text" class="search-form-input form-control" placeholder="搜索" />
            <span class="input-group-btn">
                <button type="submit" class="search-form-submit btn btn-flat" onclick="return false;"><i class="icon icon-search"></i></button>
            </span>
        </div>
    </form>
    <div class="ins-search">
  <div class="ins-search-mask"></div>
  <div class="ins-search-container">
    <div class="ins-input-wrapper">
      <input type="text" class="ins-search-input" placeholder="想要查找什么..." x-webkit-speech />
      <button type="button" class="close ins-close ins-selectable" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">×</span></button>
    </div>
    <div class="ins-section-wrapper">
      <div class="ins-section-container"></div>
    </div>
  </div>
</div>


</div>
      <button class="navbar-toggle collapsed" type="button" data-toggle="collapse" data-target="#main-navbar" aria-controls="main-navbar" aria-expanded="false">
        <span class="sr-only">Toggle navigation</span>
        <span class="icon-bar"></span>
        <span class="icon-bar"></span>
        <span class="icon-bar"></span>
      </button>
    </div>
    <nav id="main-navbar" class="collapse navbar-collapse" itemscope itemtype="http://schema.org/SiteNavigationElement" role="navigation">
      <ul class="nav navbar-nav main-nav ">
        
        
        <li class="menu-item menu-item-home">
          <a href="/.">
            
            <i class="icon icon-home-fill"></i>
            
            <span class="menu-title">首页</span>
          </a>
        </li>
        
        
        <li class="menu-item menu-item-archives">
          <a href="/archives">
            
            <i class="icon icon-archives-fill"></i>
            
            <span class="menu-title">归档</span>
          </a>
        </li>
        
        
        <li class="menu-item menu-item-categories">
          <a href="/categories">
            
            <i class="icon icon-folder"></i>
            
            <span class="menu-title">分类</span>
          </a>
        </li>
        
        
        <li class="menu-item menu-item-tags">
          <a href="/tags">
            
            <i class="icon icon-tags"></i>
            
            <span class="menu-title">标签</span>
          </a>
        </li>
        
        
        <li class="menu-item menu-item-about">
          <a href="/about">
            
            <i class="icon icon-cup-fill"></i>
            
            <span class="menu-title">关于</span>
          </a>
        </li>
        
      </ul>
      <head>
    <meta charset="utf-8">
    
      
            
        
            
        
            
        
            
              <link rel="stylesheet" href="//at.alicdn.com/t/font_557201_kt8eehtlfzr.css">
            
        
            
        
    
</head>

	
    <ul class="social-links">
    	
            
                <li><a href="https://github.com/geiao223" target="_blank" title="Github" data-toggle=tooltip data-placement=top><i class="icon icon-github"></i></a></li>
            
             
        
            
                <li><a href="https://gitee.com/geiao2" target="_blank" title="Gitee" data-toggle=tooltip data-placement=top><i class="icon icon-gitee"></i></a></li>
            
             
        
            
                <li><a href="https://www.zhihu.com/people/geiao1314/columns" target="_blank" title="Zhihu" data-toggle=tooltip data-placement=top><i class="icon icon-zhihu"></i></a></li>
            
             
        
            
            
                <li><a href="https://space.bilibili.com/315638226" target="_blank" title="Bilibili" data-toggle=tooltip data-placement=top><i class="iconfont icon-bilibili-line"></i></a></li>
             
        
            
                <li><a href="https://mail.google.com/mail/u/0/?fs=1&tf=cm&source=mailto&to=zhaoyao92@qq.com" target="_blank" title="Email" data-toggle=tooltip data-placement=top><i class="icon icon-email"></i></a></li>
            
             
        
    </ul>

    </nav>
  </div>
</header>

  
    <aside class="sidebar" itemscope itemtype="http://schema.org/WPSideBar">
  <div class="slimContent">
    
      <div class="widget">
    <h3 class="widget-title">公告</h3>
    <div class="widget-body">
        <div id="board">
            <div class="content">
                <p>欢迎交流与分享经验!</p>
            </div>
        </div>
    </div>
</div>

    
      
  <div class="widget">
    <h3 class="widget-title">分类</h3>
    <div class="widget-body">
      <ul class="category-list"><li class="category-list-item"><a class="category-list-link" href="/categories/openstack/">OpenStack</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/springboot/">springboot</a><span class="category-list-count">3</span></li></ul>
    </div>
  </div>


    
      
  <div class="widget">
    <h3 class="widget-title">标签</h3>
    <div class="widget-body">
      <ul class="tag-list" itemprop="keywords"><li class="tag-list-item"><a class="tag-list-link" href="/tags/openstack/" rel="tag">OpenStack</a><span class="tag-list-count">1</span></li><li class="tag-list-item"><a class="tag-list-link" href="/tags/cas/" rel="tag">cas</a><span class="tag-list-count">2</span></li><li class="tag-list-item"><a class="tag-list-link" href="/tags/springboot/" rel="tag">springboot</a><span class="tag-list-count">1</span></li></ul>
    </div>
  </div>


    
      
  <div class="widget">
    <h3 class="widget-title">标签云</h3>
    <div class="widget-body tagcloud">
      <a href="/tags/openstack/" style="font-size: 13px;">OpenStack</a> <a href="/tags/cas/" style="font-size: 14px;">cas</a> <a href="/tags/springboot/" style="font-size: 13px;">springboot</a>
    </div>
  </div>

    
      
  <div class="widget">
    <h3 class="widget-title">归档</h3>
    <div class="widget-body">
      <ul class="archive-list"><li class="archive-list-item"><a class="archive-list-link" href="/archives/2021/12/">十二月 2021</a><span class="archive-list-count">1</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2021/10/">十月 2021</a><span class="archive-list-count">4</span></li></ul>
    </div>
  </div>


    
      
  <div class="widget">
    <h3 class="widget-title">最新文章</h3>
    <div class="widget-body">
      <ul class="recent-post-list list-unstyled no-thumbnail">
        
          <li>
            
            <div class="item-inner">
              <p class="item-category">
                <a class="category-link" href="/categories/openstack/">OpenStack</a>
              </p>
              <p class="item-title">
                <a href="/2021/12/31/openstack%E5%AE%9E%E6%88%98/" class="title">OpenStack-T版搭建笔记</a>
              </p>
              <p class="item-date">
                <time datetime="2021-12-30T23:33:07.000Z" itemprop="datePublished">2021-12-31</time>
              </p>
            </div>
          </li>
          
          <li>
            
            <div class="item-inner">
              <p class="item-category">
                <a class="category-link" href="/categories/springboot/">springboot</a>
              </p>
              <p class="item-title">
                <a href="/2021/10/15/5-0-x%E7%94%A8%E6%88%B7%E7%95%8C%E9%9D%A2%E5%AE%9A%E5%88%B6/" class="title">5.0.x用户界面定制</a>
              </p>
              <p class="item-date">
                <time datetime="2021-10-15T01:04:03.000Z" itemprop="datePublished">2021-10-15</time>
              </p>
            </div>
          </li>
          
          <li>
            
            <div class="item-inner">
              <p class="item-category">
                <a class="category-link" href="/categories/springboot/">springboot</a>
              </p>
              <p class="item-title">
                <a href="/2021/10/13/cas/" class="title">CAS</a>
              </p>
              <p class="item-date">
                <time datetime="2021-10-13T06:42:14.000Z" itemprop="datePublished">2021-10-13</time>
              </p>
            </div>
          </li>
          
          <li>
            
            <div class="item-inner">
              <p class="item-category">
                <a class="category-link" href="/categories/springboot/">springboot</a>
              </p>
              <p class="item-title">
                <a href="/2021/10/11/springboot%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0/" class="title">Springboot学习笔记</a>
              </p>
              <p class="item-date">
                <time datetime="2021-10-11T09:10:07.000Z" itemprop="datePublished">2021-10-11</time>
              </p>
            </div>
          </li>
          
          <li>
            
            <div class="item-inner">
              <p class="item-category">
                
              </p>
              <p class="item-title">
                <a href="/2021/10/11/test/" class="title">Test</a>
              </p>
              <p class="item-date">
                <time datetime="2021-10-11T07:00:19.000Z" itemprop="datePublished">2021-10-11</time>
              </p>
            </div>
          </li>
          
      </ul>
    </div>
  </div>
  

    
  </div>
</aside>

  
  
<aside class="sidebar sidebar-toc collapse" id="collapseToc" itemscope itemtype="http://schema.org/WPSideBar">
  <div class="slimContent">
    <nav id="toc" class="article-toc">
      <h3 class="toc-title">文章目录</h3>
      <ol class="toc"><li class="toc-item toc-level-2"><a class="toc-link" href="#OpenStack-T%E7%89%88%E6%90%AD%E5%BB%BA%E7%AC%94%E8%AE%B0"><span class="toc-number">1.</span> <span class="toc-text">OpenStack-T版搭建笔记</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#%E6%A6%82%E8%A7%88"><span class="toc-number">1.1.</span> <span class="toc-text">概览</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#OpenStack%E6%9C%8D%E5%8A%A1"><span class="toc-number">1.2.</span> <span class="toc-text">OpenStack服务</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#%E6%9E%B6%E6%9E%84"><span class="toc-number">1.3.</span> <span class="toc-text">架构</span></a><ol class="toc-child"><li class="toc-item toc-level-4"><a class="toc-link" href="#%E6%A6%82%E5%BF%B5%E6%9E%B6%E6%9E%84"><span class="toc-number">1.3.1.</span> <span class="toc-text">概念架构</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#%E9%80%BB%E8%BE%91%E6%9E%B6%E6%9E%84"><span class="toc-number">1.3.2.</span> <span class="toc-text">逻辑架构</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#%E6%9E%B6%E6%9E%84%E7%A4%BA%E4%BE%8B"><span class="toc-number">1.3.3.</span> <span class="toc-text">架构示例</span></a></li></ol></li><li class="toc-item toc-level-3"><a class="toc-link" href="#%E4%B8%80%E3%80%81%E9%85%8D%E7%BD%AE%E8%99%9A%E6%8B%9F%E6%9C%BA%E4%B8%8E%E5%9F%BA%E6%9C%AC%E6%9C%8D%E5%8A%A1%E9%85%8D%E7%BD%AE"><span class="toc-number">1.4.</span> <span class="toc-text">一、配置虚拟机与基本服务配置</span></a><ol class="toc-child"><li class="toc-item toc-level-4"><a class="toc-link" href="#1-1%E3%80%81%E5%88%9B%E5%BB%BA%E8%99%9A%E6%8B%9F%E6%9C%BAcontroller"><span class="toc-number">1.4.1.</span> <span class="toc-text">1.1、创建虚拟机controller</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#1-2%E3%80%81%E5%88%9B%E5%BB%BA%E8%99%9A%E6%8B%9F%E6%9C%BAcompute"><span class="toc-number">1.4.2.</span> <span class="toc-text">1.2、创建虚拟机compute</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#1-3%E3%80%81controller%E8%8A%82%E7%82%B9%E4%B8%8A%E7%9A%84%E5%9F%BA%E6%9C%AC%E6%9C%8D%E5%8A%A1%E9%85%8D%E7%BD%AE"><span class="toc-number">1.4.3.</span> <span class="toc-text">1.3、controller节点上的基本服务配置</span></a><ol class="toc-child"><li class="toc-item toc-level-5"><a class="toc-link" href="#1-3-1%E3%80%81%E9%85%8D%E7%BD%AEcontroller%E8%8A%82%E7%82%B9%E7%BD%91%E5%8D%A1"><span class="toc-number">1.4.3.1.</span> <span class="toc-text">1.3.1、配置controller节点网卡</span></a></li><li class="toc-item toc-level-5"><a class="toc-link" href="#1-3-2%E3%80%81%E5%85%B3%E9%97%ADcontroller%E8%8A%82%E7%82%B9selinux%E5%92%8C%E9%98%B2%E7%81%AB%E5%A2%99"><span class="toc-number">1.4.3.2.</span> <span class="toc-text">1.3.2、关闭controller节点selinux和防火墙</span></a></li><li class="toc-item toc-level-5"><a class="toc-link" href="#1-3-3%E3%80%81%E4%BF%AE%E6%94%B9controller%E8%8A%82%E7%82%B9%E4%B8%BB%E6%9C%BA%E5%90%8D%E7%A7%B0"><span class="toc-number">1.4.3.3.</span> <span class="toc-text">1.3.3、修改controller节点主机名称</span></a></li><li class="toc-item toc-level-5"><a class="toc-link" href="#1-3-4%E3%80%81%E9%85%8D%E7%BD%AEcontroller%E8%8A%82%E7%82%B9%E6%97%B6%E9%97%B4%E6%9C%8D%E5%8A%A1%E5%99%A8"><span class="toc-number">1.4.3.4.</span> <span class="toc-text">1.3.4、配置controller节点时间服务器</span></a></li><li class="toc-item toc-level-5"><a class="toc-link"><span class="toc-number">1.4.3.5.</span> <span class="toc-text"></span></a></li><li class="toc-item toc-level-5"><a class="toc-link" href="#1-3-5%E3%80%81%E5%AE%89%E8%A3%85Openstack%E6%BA%90"><span class="toc-number">1.4.3.6.</span> <span class="toc-text">1.3.5、安装Openstack源</span></a></li><li class="toc-item toc-level-5"><a class="toc-link" href="#1-3-6%E3%80%81%E5%AE%89%E8%A3%85%E9%85%8D%E7%BD%AE%E6%95%B0%E6%8D%AE%E5%BA%93"><span class="toc-number">1.4.3.7.</span> <span class="toc-text">1.3.6、安装配置数据库</span></a></li><li class="toc-item toc-level-5"><a class="toc-link" href="#1-3-7%E3%80%81%E6%B6%88%E6%81%AF%E9%98%9F%E5%88%97%E6%9C%8D%E5%8A%A1"><span class="toc-number">1.4.3.8.</span> <span class="toc-text">1.3.7、消息队列服务</span></a></li><li class="toc-item toc-level-5"><a class="toc-link" href="#1-3-8%E3%80%81%E7%BC%93%E5%AD%98%E6%9C%8D%E5%8A%A1"><span class="toc-number">1.4.3.9.</span> <span class="toc-text">1.3.8、缓存服务</span></a></li></ol></li><li class="toc-item toc-level-4"><a class="toc-link" href="#1-4%E3%80%81compute%E8%8A%82%E7%82%B9%E4%B8%8A%E7%9A%84%E5%9F%BA%E6%9C%AC%E6%9C%8D%E5%8A%A1%E9%85%8D%E7%BD%AE"><span class="toc-number">1.4.4.</span> <span class="toc-text">1.4、compute节点上的基本服务配置</span></a><ol class="toc-child"><li class="toc-item toc-level-5"><a class="toc-link" href="#1-4-1%E3%80%81%E9%85%8D%E7%BD%AEcompute%E8%8A%82%E7%82%B9%E7%BD%91%E5%8D%A1"><span class="toc-number">1.4.4.1.</span> <span class="toc-text">1.4.1、配置compute节点网卡</span></a></li><li class="toc-item toc-level-5"><a class="toc-link" href="#1-4-2%E3%80%81%E5%85%B3%E9%97%ADcompute%E8%8A%82%E7%82%B9selinux%E5%92%8C%E9%98%B2%E7%81%AB%E5%A2%99"><span class="toc-number">1.4.4.2.</span> <span class="toc-text">1.4.2、关闭compute节点selinux和防火墙</span></a></li><li class="toc-item toc-level-5"><a class="toc-link" href="#1-4-3%E3%80%81%E4%BF%AE%E6%94%B9compute%E8%8A%82%E7%82%B9%E4%B8%BB%E6%9C%BA%E5%90%8D%E7%A7%B0"><span class="toc-number">1.4.4.3.</span> <span class="toc-text">1.4.3、修改compute节点主机名称</span></a></li><li class="toc-item toc-level-5"><a class="toc-link" href="#1-4-4%E3%80%81%E9%85%8D%E7%BD%AEcompute%E8%8A%82%E7%82%B9%E6%97%B6%E9%97%B4%E6%9C%8D%E5%8A%A1%E5%99%A8"><span class="toc-number">1.4.4.4.</span> <span class="toc-text">1.4.4、配置compute节点时间服务器</span></a></li><li class="toc-item toc-level-5"><a class="toc-link" href="#1-4-5%E3%80%81%E5%AE%89%E8%A3%85Openstack%E6%BA%90"><span class="toc-number">1.4.4.5.</span> <span class="toc-text">1.4.5、安装Openstack源</span></a></li></ol></li></ol></li><li class="toc-item toc-level-3"><a class="toc-link" href="#%E4%BA%8C%E3%80%81%E8%AE%A4%E8%AF%81%E6%9C%8D%E5%8A%A1%E2%80%94keystone%E5%AE%89%E8%A3%85"><span class="toc-number">1.5.</span> <span class="toc-text">二、认证服务—keystone安装</span></a><ol class="toc-child"><li class="toc-item toc-level-4"><a class="toc-link" href="#2-1%E3%80%81%E8%AE%A4%E8%AF%81%E6%9C%8D%E5%8A%A1%E6%A6%82%E8%BF%B0"><span class="toc-number">1.5.1.</span> <span class="toc-text">2.1、认证服务概述</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2-2%E3%80%81%E5%AE%89%E8%A3%85%E9%85%8D%E7%BD%AE%E5%87%86%E5%A4%87%E5%B7%A5%E4%BD%9C"><span class="toc-number">1.5.2.</span> <span class="toc-text">2.2、安装配置准备工作</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2-3%E3%80%81%E5%AE%89%E8%A3%85%E9%85%8D%E7%BD%AE"><span class="toc-number">1.5.3.</span> <span class="toc-text">2.3、安装配置</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2-4%E3%80%81%E9%85%8D%E7%BD%AEApache-HTTP%E6%9C%8D%E5%8A%A1%E5%99%A8"><span class="toc-number">1.5.4.</span> <span class="toc-text">2.4、配置Apache HTTP服务器</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2-5%E3%80%81%E9%85%8D%E7%BD%AEkeystone%E7%9A%84%E7%AE%A1%E7%90%86%E5%B8%90%E6%88%B7"><span class="toc-number">1.5.5.</span> <span class="toc-text">2.5、配置keystone的管理帐户</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2-6%E3%80%81%E5%88%9B%E5%BB%BA%E5%9F%9F%E3%80%81%E9%A1%B9%E7%9B%AE%E3%80%81%E7%94%A8%E6%88%B7%E5%92%8C%E8%A7%92%E8%89%B2"><span class="toc-number">1.5.6.</span> <span class="toc-text">2.6、创建域、项目、用户和角色</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2-7%E3%80%81%E9%AA%8C%E8%AF%81%E6%93%8D%E4%BD%9C"><span class="toc-number">1.5.7.</span> <span class="toc-text">2.7、验证操作</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#2-8%E3%80%81%E5%88%9B%E5%BB%BA-OpenStack-%E5%AE%A2%E6%88%B7%E7%AB%AF%E7%8E%AF%E5%A2%83%E8%84%9A%E6%9C%AC"><span class="toc-number">1.5.8.</span> <span class="toc-text">2.8、创建 OpenStack 客户端环境脚本</span></a><ol class="toc-child"><li class="toc-item toc-level-5"><a class="toc-link" href="#2-8-1%E3%80%81%E5%88%9B%E5%BB%BA%E8%84%9A%E6%9C%AC"><span class="toc-number">1.5.8.1.</span> <span class="toc-text">2.8.1、创建脚本</span></a></li><li class="toc-item toc-level-5"><a class="toc-link" href="#2-8-2%E3%80%81%E4%BD%BF%E7%94%A8%E8%84%9A%E6%9C%AC"><span class="toc-number">1.5.8.2.</span> <span class="toc-text">2.8.2、使用脚本</span></a></li></ol></li></ol></li><li class="toc-item toc-level-3"><a class="toc-link" href="#%E4%B8%89%E3%80%81%E9%95%9C%E5%83%8F%E6%9C%8D%E5%8A%A1%E2%80%94Glance%E5%AE%89%E8%A3%85"><span class="toc-number">1.6.</span> <span class="toc-text">三、镜像服务—Glance安装</span></a><ol class="toc-child"><li class="toc-item toc-level-4"><a class="toc-link" href="#3-1%E3%80%81%E9%95%9C%E5%83%8F%E6%9C%8D%E5%8A%A1%E6%A6%82%E8%BF%B0"><span class="toc-number">1.6.1.</span> <span class="toc-text">3.1、镜像服务概述</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#3-2%E3%80%81%E5%AE%89%E8%A3%85%E9%85%8D%E7%BD%AE%E5%87%86%E5%A4%87%E5%B7%A5%E4%BD%9C"><span class="toc-number">1.6.2.</span> <span class="toc-text">3.2、安装配置准备工作</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#3-3%E3%80%81%E5%AE%89%E8%A3%85%E9%85%8D%E7%BD%AE"><span class="toc-number">1.6.3.</span> <span class="toc-text">3.3、安装配置</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#3-4%E3%80%81%E9%AA%8C%E8%AF%81%E6%93%8D%E4%BD%9C"><span class="toc-number">1.6.4.</span> <span class="toc-text">3.4、验证操作</span></a></li></ol></li><li class="toc-item toc-level-3"><a class="toc-link" href="#%E5%9B%9B%E3%80%81placement%E6%9C%8D%E5%8A%A1%E2%80%94Placement%E5%AE%89%E8%A3%85"><span class="toc-number">1.7.</span> <span class="toc-text">四、placement服务—Placement安装</span></a><ol class="toc-child"><li class="toc-item toc-level-4"><a class="toc-link" href="#4-1%E3%80%81Placement%E6%9C%8D%E5%8A%A1%E6%A6%82%E8%A7%88"><span class="toc-number">1.7.1.</span> <span class="toc-text">4.1、Placement服务概览</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#4-2%E3%80%81%E9%83%A8%E7%BD%B2%E6%AD%A5%E9%AA%A4%E6%A6%82%E8%BF%B0"><span class="toc-number">1.7.2.</span> <span class="toc-text">4.2、部署步骤概述</span></a><ol class="toc-child"><li class="toc-item toc-level-5"><a class="toc-link" href="#4-2-1%E3%80%81%E9%83%A8%E7%BD%B2API%E6%9C%8D%E5%8A%A1"><span class="toc-number">1.7.2.1.</span> <span class="toc-text">4.2.1、部署API服务</span></a></li><li class="toc-item toc-level-5"><a class="toc-link" href="#4-2-2%E3%80%81%E5%90%8C%E6%AD%A5%E6%95%B0%E6%8D%AE%E5%BA%93"><span class="toc-number">1.7.2.2.</span> <span class="toc-text">4.2.2、同步数据库</span></a></li><li class="toc-item toc-level-5"><a class="toc-link" href="#4-2-3%E3%80%81%E5%88%9B%E5%BB%BA%E8%B4%A6%E6%88%B7%E5%B9%B6%E6%9B%B4%E6%96%B0%E6%9C%8D%E5%8A%A1%E7%9B%AE%E5%BD%95"><span class="toc-number">1.7.2.3.</span> <span class="toc-text">4.2.3、创建账户并更新服务目录</span></a></li></ol></li><li class="toc-item toc-level-4"><a class="toc-link" href="#4-3%E3%80%81%E5%AE%89%E8%A3%85%E9%85%8D%E7%BD%AE%E5%87%86%E5%A4%87%E5%B7%A5%E4%BD%9C"><span class="toc-number">1.7.3.</span> <span class="toc-text">4.3、安装配置准备工作</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#4-4%E3%80%81%E5%AE%89%E8%A3%85%E9%85%8D%E7%BD%AE"><span class="toc-number">1.7.4.</span> <span class="toc-text">4.4、安装配置</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#4-5%E3%80%81%E9%AA%8C%E8%AF%81%E6%93%8D%E4%BD%9C"><span class="toc-number">1.7.5.</span> <span class="toc-text">4.5、验证操作</span></a></li></ol></li><li class="toc-item toc-level-3"><a class="toc-link" href="#%E4%BA%94%E3%80%81%E8%AE%A1%E7%AE%97%E6%9C%8D%E5%8A%A1%E2%80%94nova%E5%AE%89%E8%A3%85"><span class="toc-number">1.8.</span> <span class="toc-text">五、计算服务—nova安装</span></a><ol class="toc-child"><li class="toc-item toc-level-4"><a class="toc-link" href="#5-1%E3%80%81%E8%AE%A1%E7%AE%97%E6%9C%8D%E5%8A%A1%E6%A6%82%E8%A7%88"><span class="toc-number">1.8.1.</span> <span class="toc-text">5.1、计算服务概览</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#5-2%E3%80%81%E5%AE%89%E8%A3%85%E9%85%8D%E7%BD%AE%E5%87%86%E5%A4%87%E5%B7%A5%E4%BD%9C%EF%BC%88%E6%8E%A7%E5%88%B6%E8%8A%82%E7%82%B9%EF%BC%89"><span class="toc-number">1.8.2.</span> <span class="toc-text">5.2、安装配置准备工作（控制节点）</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#5-3%E3%80%81%E5%AE%89%E8%A3%85%E9%85%8D%E7%BD%AE%EF%BC%88%E6%8E%A7%E5%88%B6%E8%8A%82%E7%82%B9%EF%BC%89"><span class="toc-number">1.8.3.</span> <span class="toc-text">5.3、安装配置（控制节点）</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#5-4%E3%80%81%E5%AE%89%E8%A3%85%E9%85%8D%E7%BD%AE%EF%BC%88%E8%AE%A1%E7%AE%97%E8%8A%82%E7%82%B9%EF%BC%89"><span class="toc-number">1.8.4.</span> <span class="toc-text">5.4、安装配置（计算节点）</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#5-5%E3%80%81%E5%B0%86%E8%AE%A1%E7%AE%97%E8%8A%82%E7%82%B9%E6%B7%BB%E5%8A%A0%E5%88%B0cell%E6%95%B0%E6%8D%AE%E5%BA%93%EF%BC%88%E6%8E%A7%E5%88%B6%E8%8A%82%E7%82%B9%EF%BC%89"><span class="toc-number">1.8.5.</span> <span class="toc-text">5.5、将计算节点添加到cell数据库（控制节点）</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#5-6%E3%80%81%E9%AA%8C%E8%AF%81%E6%93%8D%E4%BD%9C%EF%BC%88%E6%8E%A7%E5%88%B6%E8%8A%82%E7%82%B9%EF%BC%89"><span class="toc-number">1.8.6.</span> <span class="toc-text">5.6、验证操作（控制节点）</span></a></li></ol></li><li class="toc-item toc-level-3"><a class="toc-link" href="#%E5%85%AD%E3%80%81%E7%BD%91%E7%BB%9C%E6%9C%8D%E5%8A%A1%E2%80%94neutron%E5%AE%89%E8%A3%85"><span class="toc-number">1.9.</span> <span class="toc-text">六、网络服务—neutron安装</span></a><ol class="toc-child"><li class="toc-item toc-level-4"><a class="toc-link" href="#6-1%E3%80%81%E7%BD%91%E7%BB%9C%E6%9C%8D%E5%8A%A1%E6%A6%82%E8%BF%B0"><span class="toc-number">1.9.1.</span> <span class="toc-text">6.1、网络服务概述</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#6-2%E3%80%81%E7%BD%91%E7%BB%9C-neturon-%E6%A6%82%E5%BF%B5"><span class="toc-number">1.9.2.</span> <span class="toc-text">6.2、网络(neturon)概念</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#6-3%E3%80%81%E5%AE%89%E8%A3%85%E4%B8%8E%E9%85%8D%E7%BD%AE%E5%87%86%E5%A4%87%E5%B7%A5%E4%BD%9C%EF%BC%88%E6%8E%A7%E5%88%B6%E8%8A%82%E7%82%B9%EF%BC%89"><span class="toc-number">1.9.3.</span> <span class="toc-text">6.3、安装与配置准备工作（控制节点）</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#6-4%E3%80%81%E5%AE%89%E8%A3%85%E9%85%8D%E7%BD%AE%EF%BC%88%E6%8E%A7%E5%88%B6%E8%8A%82%E7%82%B9%EF%BC%89"><span class="toc-number">1.9.4.</span> <span class="toc-text">6.4、安装配置（控制节点）</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#6-5%E3%80%81%E5%AE%89%E8%A3%85%E9%85%8D%E7%BD%AE%EF%BC%88%E8%AE%A1%E7%AE%97%E8%8A%82%E7%82%B9%EF%BC%89"><span class="toc-number">1.9.5.</span> <span class="toc-text">6.5、安装配置（计算节点）</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#6-6%E3%80%81%E9%AA%8C%E8%AF%81%E6%93%8D%E4%BD%9C%EF%BC%88%E6%8E%A7%E5%88%B6%E8%8A%82%E7%82%B9%EF%BC%89"><span class="toc-number">1.9.6.</span> <span class="toc-text">6.6、验证操作（控制节点）</span></a></li></ol></li><li class="toc-item toc-level-3"><a class="toc-link" href="#%E4%B8%83%E3%80%81%E5%90%AF%E5%8A%A8%E5%AE%9E%E4%BE%8B%EF%BC%88%E5%91%BD%E4%BB%A4%E8%A1%8C%E6%96%B9%E5%BC%8F%EF%BC%89"><span class="toc-number">1.10.</span> <span class="toc-text">七、启动实例（命令行方式）</span></a><ol class="toc-child"><li class="toc-item toc-level-4"><a class="toc-link" href="#7-1%E3%80%81%E5%88%9B%E5%BB%BA%E6%8F%90%E4%BE%9B%E8%80%85%E7%BD%91%E7%BB%9C%EF%BC%88%E6%8E%A7%E5%88%B6%E8%8A%82%E7%82%B9%EF%BC%89"><span class="toc-number">1.10.1.</span> <span class="toc-text">7.1、创建提供者网络（控制节点）</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#7-2%E3%80%81Create-m1-nano-flavor"><span class="toc-number">1.10.2.</span> <span class="toc-text">7.2、Create m1.nano flavor</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#7-3%E3%80%81%E5%9C%A8provider-network%E4%B8%8A%E5%90%AF%E5%8A%A8%E4%B8%80%E4%B8%AA%E5%AE%9E%E4%BE%8B"><span class="toc-number">1.10.3.</span> <span class="toc-text">7.3、在provider network上启动一个实例</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#7-4%E3%80%81%E4%BD%BF%E7%94%A8%E8%99%9A%E6%8B%9F%E6%8E%A7%E5%88%B6%E5%8F%B0%E8%AE%BF%E9%97%AE%E5%AE%9E%E4%BE%8B"><span class="toc-number">1.10.4.</span> <span class="toc-text">7.4、使用虚拟控制台访问实例</span></a></li><li class="toc-item toc-level-4"><a class="toc-link" href="#7-5%E3%80%81%E8%BF%9C%E7%A8%8B%E8%AE%BF%E9%97%AE%E5%AE%9E%E4%BE%8B"><span class="toc-number">1.10.5.</span> <span class="toc-text">7.5、远程访问实例</span></a></li></ol></li><li class="toc-item toc-level-3"><a class="toc-link" href="#%E5%85%AB%E3%80%81Dashboard"><span class="toc-number">1.11.</span> <span class="toc-text">八、Dashboard</span></a><ol class="toc-child"><li class="toc-item toc-level-4"><a class="toc-link" href="#8-1%E3%80%81%E5%AE%89%E8%A3%85%E9%85%8D%E7%BD%AE%EF%BC%88%E6%8E%A7%E5%88%B6%E8%8A%82%E7%82%B9%EF%BC%89"><span class="toc-number">1.11.1.</span> <span class="toc-text">8.1、安装配置（控制节点）</span></a></li></ol></li><li class="toc-item toc-level-3"><a class="toc-link" href="#%E5%AE%98%E6%96%B9%E6%96%87%E6%A1%A3%EF%BC%9A"><span class="toc-number">1.12.</span> <span class="toc-text">官方文档：</span></a></li></ol></li></ol>
    </nav>
  </div>
</aside>

<main class="main" role="main">
  <div class="content">
  <article id="post-openstack实战" class="article article-type-post" itemscope itemtype="http://schema.org/BlogPosting">
    
    <div class="article-header">
      
        
  
    <h1 class="article-title" itemprop="name">
      OpenStack-T版搭建笔记
    </h1>
  

      
      <div class="article-meta">
        <span class="article-date">
    <i class="icon icon-calendar-check"></i>
	<a href="/2021/12/31/openstack%E5%AE%9E%E6%88%98/" class="article-date">
	  <time datetime="2021-12-30T23:33:07.000Z" itemprop="datePublished">2021-12-31</time>
	</a>
</span>
        
  <span class="article-category">
    <i class="icon icon-folder"></i>
    <a class="article-category-link" href="/categories/openstack/">OpenStack</a>
  </span>

        
  <span class="article-tag">
    <i class="icon icon-tags"></i>
	<a class="article-tag-link-link" href="/tags/openstack/" rel="tag">OpenStack</a>
  </span>


        

        <span class="post-comment"><i class="icon icon-comment"></i> <a href="/2021/12/31/openstack%E5%AE%9E%E6%88%98/#comments" class="article-comment-link">评论</a></span>
        
	
		<span class="post-wordcount hidden-xs" itemprop="wordCount">字数统计: 19.1k(字)</span>
	
	
		<span class="post-readcount hidden-xs" itemprop="timeRequired">阅读时长: 77(分)</span>
	

      </div>
    </div>
    <div class="article-entry marked-body" itemprop="articleBody">
      
        <h2 id="OpenStack-T版搭建笔记"><a href="#OpenStack-T版搭建笔记" class="headerlink" title="OpenStack-T版搭建笔记"></a>OpenStack-T版搭建笔记</h2><h3 id="概览"><a href="#概览" class="headerlink" title="概览"></a>概览</h3><p>OpenStack 项目是一个开源的云计算平台，支持所有类型的云环境。该项目的目标是简单的实现，大规模的可扩展性，以及丰富的功能集。来自世界各地的云计算专家为该项目做出了贡献。</p>
<p>OpenStack 通过各种互补的服务提供了一种基础设施即服务(IaaS)解决方案。每个服务都提供了一个应用程序编程接口(API) ，以促进这种集成。根据您的需要，您可以安装部分或全部服务。</p>
<p>本指南使用适合具有足够 Linux 经验的 OpenStack 新用户的功能示例体系结构，介绍了主要 OpenStack 服务的分步部署。本指南并不打算用于生产系统安装，而是为了学习 OpenStack 而创建一个最基本的概念验证。</p>
<p>在熟悉这些 OpenStack 服务的基本安装、配置、操作和故障排除之后，您应该考虑使用生产体系结构进行部署的以下步骤:</p>
<ul>
<li><p>确定并实现必要的核心和可选服务，以满足性能和冗余需求。</p>
</li>
<li><p>使用防火墙、加密和服务策略等方法提高安全性。</p>
</li>
<li><p>实现一个部署工具，如 Ansible、Chef、Puppet或Salt，以自动化生产环境的部署和管理。</p>
</li>
</ul>
<h3 id="OpenStack服务"><a href="#OpenStack服务" class="headerlink" title="OpenStack服务"></a>OpenStack服务</h3><p><a target="_blank" rel="noopener" href="https://www.openstack.org/software/project-navigator/openstack-components">OpenStack project navigator</a>允许您浏览构成OpenStack体系结构的OpenStack服务。服务按照服务类型和发布系列分类。</p>
<h3 id="架构"><a href="#架构" class="headerlink" title="架构"></a>架构</h3><h4 id="概念架构"><a href="#概念架构" class="headerlink" title="概念架构"></a>概念架构</h4><p>下图显示了 OpenStack 服务之间的关系:</p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211227175108208.png" alt="image-20211227175108208"></p>
<h4 id="逻辑架构"><a href="#逻辑架构" class="headerlink" title="逻辑架构"></a>逻辑架构</h4><p>要设计、部署和配置 OpenStack，管理员必须了解逻辑架构。</p>
<p>如概念架构所示，OpenStack由几个独立的部分组成，称为OpenStack服务。所有服务都通过公共认证服务进行身份验证。各个服务通过公共APIs相互交互，但需要特权管理员命令的服务除外。</p>
<p>在内部，OpenStack服务由几个进程组成。所有服务都至少有一个API进程，用于侦听API请求、预处理它们并将它们传递到服务的其他部分。除了Identity服务之外，实际工作由不同的流程完成。</p>
<p>对于一个服务的进程之间的通信，使用AMQP消息代理。服务的状态存储在数据库中。在部署和配置OpenStack云时，您可以选择几种消息代理和数据库解决方案，比如RabbitMQ、MySQL、MariaDB和SQLite。</p>
<p>用户可以通过Horizon Dashboard实现的基于web的用户界面、命令行客户端以及通过浏览器插件或curl等工具发出API请求来访问OpenStack。对于应用程序，有<a target="_blank" rel="noopener" href="https://developer.openstack.org/#sdk">several SDKs</a>可用。最终，所有这些访问方法都会向各种OpenStack服务发出REST API调用。</p>
<p>下图显示了OpenStack云最常见但不是唯一可能的架构:</p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211227180212669.png" alt="image-20211227180212669"></p>
<h4 id="架构示例"><a href="#架构示例" class="headerlink" title="架构示例"></a>架构示例</h4><p>本示例体系结构需要至少两个节点(主机)来启动基本虚拟机(VM)或实例。块存储和对象存储等可选服务需要额外的节点。</p>
<p>本指南中使用的示例体系结构是最小配置，不适用于生产系统安装。它旨在提供一个最低限度的概念证明，以便学习 OpenStack。有关为特定用例创建体系结构，或者如何确定需要哪种体系结构的信息，请参阅体系结构设计指南。<a target="_blank" rel="noopener" href="https://docs.openstack.org/arch-design/">https://docs.openstack.org/arch-design/</a></p>
<p>这个示例体系结构与最小生产体系结构的区别如下:</p>
<ul>
<li>网络代理驻留在控制器节点而不是一个或多个专用网络节点上。</li>
<li>自助服务网络的overlay(隧道)流量经过管理网络，而不是专用网络。</li>
</ul>
<p>有关生产体系结构的详细信息, see the <a target="_blank" rel="noopener" href="https://docs.openstack.org/arch-design/">Architecture Design Guide</a>, <a target="_blank" rel="noopener" href="https://wiki.openstack.org/wiki/OpsGuide">OpenStack Operations Guide</a>, and <a target="_blank" rel="noopener" href="https://docs.openstack.org/ocata/networking-guide/">OpenStack Networking Guide</a>.</p>
<p><strong>硬件要求：</strong></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211225191147010.png" alt="image-20211225191147010"></p>
<p><strong>Controller</strong>：控制器节点运行 Identity 服务、Image服务、 Compute 的管理部分、 Networking 的管理部分、各种 Networking 代理和 Dashboard。它还包括支持服务，如 SQL 数据库、消息队列和网络时间协议(NTP)。</p>
<p>可选地，控制器节点运行块存储( Block Storage)、对象存储(Object Storage)、编排(Orchestration)和遥测服务 (Telemetry services)的部分。</p>
<p><strong>Compute</strong>：计算节点运行 Compute（操作实例）的 hypervisor 部分。默认情况下，Compute 使用基于内核的 VM (KVM)管理程序。</p>
<p>计算节点还运行一个 Networking 服务代理，该代理将实例连接到虚拟网络，并通过安全组向实例提供防火墙服务。</p>
<p>您可以部署多个计算节点。每个节点至少需要两个网络接口。</p>
<p><strong>Block Storage</strong>：可选的Block Storage节点包含多个磁盘，这些磁盘块为实例提供块存储和共享文件系统服务。</p>
<p>为简单起见，计算节点和此节点之间的服务通信使用管理网络。生产环境应该实现一个单独的存储网络，以提高性能和安全性。</p>
<p>可以部署多个块存储节点。每个节点至少需要一个网络接口。</p>
<p><strong>Object Storage</strong>：可选的对象存储节点包含多个磁盘，这些磁盘(对象存储服务)用于存储帐户、容器和对象。</p>
<p>为简单起见，计算节点和此节点之间的服务通信使用管理网络。生产环境应该实现一个单独的存储网络，以提高性能和安全性。</p>
<p>此服务需要两个节点。每个节点至少需要一个网络接口。您可以部署两个以上的对象存储节点。</p>
<p><strong>Networking</strong>：选择下列虚拟网络选项之一</p>
<p>联网方案1：Provider networks（提供商网络）</p>
<p>Provider networks 选项以最简单的方式部署 OpenStack Networking 服务，主要是第二层(bridging/switching 桥接/交换)服务和VLAN网络分割。从本质上讲，它将虚拟网络与物理网络桥接起来，并依靠物理网络基础设施提供第三层(routing 路由)服务。此外，DHCP(Dynamic Host Configuration Protocol)服务为实例提供 IP 地址信息。</p>
<p>OpenStack 用户需要有关基础网络基础设施的更多信息，以创建一个虚拟网络来与基础设施完全匹配。</p>
<p>此选项缺乏对自助(私有)网络、第三层(路由)服务和高级服务(如 Load-Balancer-as-a-Service (LBaaS)和 FireWall-as-a-Service (FWaaS))的支持。如果您需要这些特性，可以考虑下面的自助服务网络选项。</p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211225193154146.png" alt="image-20211225193154146"></p>
<p>联网方案1：Self-service networks（自助服务网络）</p>
<p>自助服务网络选项增加了提供者网络选项，增加了第3层(routing 路由)服务，这些服务使用overlay segmentation methods(如 Virtual Extensible LAN 服务(VXLAN))支持自助服务网络。本质上，它使用网络地址转换(NAT)将虚拟网络路由到物理网络。此外，此选项为LBaaS和FWaaS等高级服务提供了基础。</p>
<p>OpenStack 用户可以在不了解数据网络底层基础结构的情况下创建虚拟网络。如果是根据需要配置了layer-2 plug-in，那么还可以包括 VLAN 网络。</p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211225203232893.png" alt="image-20211225203232893"></p>
<h3 id="一、配置虚拟机与基本服务配置"><a href="#一、配置虚拟机与基本服务配置" class="headerlink" title="一、配置虚拟机与基本服务配置"></a>一、配置虚拟机与基本服务配置</h3><h4 id="1-1、创建虚拟机controller"><a href="#1-1、创建虚拟机controller" class="headerlink" title="1.1、创建虚拟机controller"></a>1.1、创建虚拟机controller</h4><p>文件→新建虚拟机→典型→稍后安装操作系统→Linux(版本centos 7 64位)→虚拟机名称：controller，位置（自定义）→最大磁盘大小（60G），选择‘将虚拟磁盘存储为单个文件’→一直下一步→编辑此虚拟机（设置内存：8GB，处理器：4，虚拟化引擎：虚拟化Intel VT -x/EPT或AMD-V/RVI，CD/DVD：选择Linux系统CentOS-7-x86_64-Minimal-1908.iso，再添加个网络适配器：仅主机模式，）→确定→开启虚拟机→设置语言（English）→设置时区（Asia、sahnghai）→设置磁盘分区（SYSTEM→INSTALLATION DESTINATION）→/boot sda1 200M，swap centos-swap 2048M，/ centos-root 57.8G(剩余的空间)→设置NETWORK &amp; HOSTNAME（这里的名称可以在进入系统后再设置）→设置开机开机root账号对应的密码→reboot</p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211221222944980.png" alt="image-20211221222944980"></p>
<h4 id="1-2、创建虚拟机compute"><a href="#1-2、创建虚拟机compute" class="headerlink" title="1.2、创建虚拟机compute"></a>1.2、创建虚拟机compute</h4><p>文件→新建虚拟机→典型→稍后安装操作系统→Linux(版本centos 7 64位)→虚拟机名称：controller，位置（自定义）→最大磁盘大小（60G），选择‘将虚拟磁盘存储为单个文件’→一直下一步→编辑此虚拟机（设置内存：4GB，处理器：4，虚拟化引擎：虚拟化Intel VT -x/EPT或AMD-V/RVI，CD/DVD：选择Linux系统CentOS-7-x86_64-Minimal-1908.iso，再添加个网络适配器：仅主机模式，）→确定→开启虚拟机→设置语言（English）→设置时区（Asia、sahnghai）→设置磁盘分区（SYSTEM→INSTALLATION DESTINATION）→/boot sda1 200M，swap centos-swap 2048M，/ centos-root 57.8G(剩余的空间)→设置NETWORK &amp; HOSTNAME（这里的名称可以在进入系统后再设置）→设置开机开机root账号对应的密码→reboot</p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211221223000275.png" alt="image-20211221223000275"></p>
<h4 id="1-3、controller节点上的基本服务配置"><a href="#1-3、controller节点上的基本服务配置" class="headerlink" title="1.3、controller节点上的基本服务配置"></a>1.3、controller节点上的基本服务配置</h4><p>环境配置参考：<a target="_blank" rel="noopener" href="https://docs.openstack.org/install-guide/environment.html">https://docs.openstack.org/install-guide/environment.html</a></p>
<h5 id="1-3-1、配置controller节点网卡"><a href="#1-3-1、配置controller节点网卡" class="headerlink" title="1.3.1、配置controller节点网卡"></a>1.3.1、配置controller节点网卡</h5><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"><span class="comment"># IP地址、子网掩码、网关要根据自己的情况设置</span></span></span><br><span class="line"><span class="meta">#</span><span class="bash"><span class="comment"># 配置controller网卡ifcfg-ens33</span></span></span><br><span class="line"><span class="meta">#</span><span class="bash"><span class="comment"># 配置完成后可以使用xshell等软件进行远程ssh连接</span></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 进入/etc/sysconfig/network-scripts/ifcfg-ens33进行配置</span></span><br><span class="line">vi /etc/sysconfig/network-scripts/ifcfg-ens33</span><br><span class="line"><span class="meta">#</span><span class="bash"> 将配置文件中的内容显示在终端</span></span><br><span class="line">cat /etc/sysconfig/network-scripts/ifcfg-ens33</span><br><span class="line"><span class="meta">#</span><span class="bash"> 打开网络接口</span> </span><br><span class="line">nmcli C up ens33</span><br><span class="line"><span class="meta">#</span><span class="bash"> 配置完成后重启网络</span></span><br><span class="line">systemctl restart network</span><br><span class="line"><span class="meta">#</span><span class="bash"> 查看IP</span></span><br><span class="line">ip a</span><br><span class="line"><span class="meta">#</span><span class="bash"> ping一下外网（如果ping不同可能是没有打开网络接口）</span></span><br><span class="line">ping baidu.com</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211220220657280.png" alt="image-20211220220657280"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211220220949588.png" alt="image-20211220220949588"></p>
<h5 id="1-3-2、关闭controller节点selinux和防火墙"><a href="#1-3-2、关闭controller节点selinux和防火墙" class="headerlink" title="1.3.2、关闭controller节点selinux和防火墙"></a>1.3.2、关闭controller节点selinux和防火墙</h5><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"><span class="comment"># 关闭selinux</span></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 方式一</span></span><br><span class="line">sed -i &#x27;s/SELINUX=enforcing/SELINUX=disabled/g&#x27; /etc/selinux/config</span><br><span class="line"><span class="meta">#</span><span class="bash"> 方式二</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 打开selinux配置文件</span></span><br><span class="line">vi /etc/selinux/config</span><br><span class="line"><span class="meta">#</span><span class="bash"> 或者查看selinux配置文件</span></span><br><span class="line">cat /etc/selinux/config</span><br><span class="line"><span class="meta">#</span><span class="bash"> 修改其中的SELINUX参数</span></span><br><span class="line">SELINUX=disabled</span><br><span class="line"><span class="meta">#</span><span class="bash"> getenforce查看是否开启了SELinux</span></span><br><span class="line">Enforcing  #默认是开启的</span><br><span class="line"><span class="meta">#</span><span class="bash"> setenforce 0     0： 切换成 permissive（宽容模式）</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> setenforce 1     1： 切换成 enforcing（强制模式）</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 切换成宽容模式</span></span><br><span class="line">setenforce 0</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"><span class="comment"># 查看防火墙设置</span></span></span><br><span class="line">systemctl status firewalld</span><br><span class="line"><span class="meta">#</span><span class="bash"> 关闭防火墙   <span class="string">&#x27;;&#x27;</span>表示 &amp;&amp;</span></span><br><span class="line">systemctl stop firewalld; systemctl disable firewalld</span><br><span class="line"><span class="meta">#</span><span class="bash"> 查看当前iptables规则(防火墙规则)</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> https://www.cnblogs.com/yyxianren/p/10910930.html</span></span><br><span class="line">iptables -L</span><br></pre></td></tr></table></figure>

<h5 id="1-3-3、修改controller节点主机名称"><a href="#1-3-3、修改controller节点主机名称" class="headerlink" title="1.3.3、修改controller节点主机名称"></a>1.3.3、修改controller节点主机名称</h5><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 修改controller节点主机名称</span></span><br><span class="line">hostnamectl set-hostname controller</span><br><span class="line"><span class="meta">#</span><span class="bash"> 查看hostname</span></span><br><span class="line">hostname</span><br><span class="line"><span class="meta">#</span><span class="bash"> 查看ip</span></span><br><span class="line">hostname -I</span><br><span class="line"><span class="meta">#</span><span class="bash"> 重新登录</span></span><br><span class="line">logout</span><br></pre></td></tr></table></figure>

<h5 id="1-3-4、配置controller节点时间服务器"><a href="#1-3-4、配置controller节点时间服务器" class="headerlink" title="1.3.4、配置controller节点时间服务器"></a>1.3.4、配置controller节点时间服务器</h5><p>为了使各节点之间的服务能够正常同步，可以安装NTP的实现器Chrony。建议将控制节点配置为引用更精确(较低层次)的服务器，并将其他节点配置为引用控制节点。</p>
<p><strong>控制节点</strong></p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、安装Chrony包</span></span><br><span class="line">yum install chrony</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、编辑chrony.conf文件，并根据环境的需要添加、更改或删除以下键</span></span><br><span class="line">vi /etc/chrony.conf</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.1、 <span class="string">&quot;server NTP_SERVER iburst&quot;</span>中将“NTP_SERVER”替换为更合适、更准确(级别较低)的NTP服务器的主机名或IP地址。该配置支持多个服务器密钥</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> <span class="string">&quot;server NTP_SERVER iburst&quot;</span>替换为</span></span><br><span class="line">server ntp3.aliyun.com iburst</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.2、为了使其他节点能够连接到控制器节点上的chrony守护进程，将这个key添加到前面提到的同一个chrony.conf文件中</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 如果有必要，将10.0.0.0/24替换为您子网的描述</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 将<span class="string">&quot;allow 192.168.0.0/16&quot;</span>替换为所有节点都可以</span></span><br><span class="line">allow all</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.3、设置即使没有与时间源同步，也可以提供时间最大机器数</span></span><br><span class="line">local stratum 10</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211220235237267.png" alt="image-20211220235237267"></p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 3、配置完成后，重启chrony配置文件 d表示守护进程</span></span><br><span class="line">systemctl restart chronyd</span><br><span class="line"><span class="meta">#</span><span class="bash"> 4、查看chronyd进程的状态</span></span><br><span class="line">systemctl status chronyd </span><br><span class="line"><span class="meta">#</span><span class="bash"> 5、同步时间，同步之后date查看时间，看是否与互联网时间一致</span></span><br><span class="line">chronyc sources -v</span><br><span class="line"><span class="meta">#</span><span class="bash"> 6、设置hosts解析,在hosts文件中添加controller、compute节点的host解析</span></span><br><span class="line">vi /etc/hosts</span><br><span class="line">controller节点的IP controller</span><br><span class="line">compute节点的IP compute</span><br><span class="line"><span class="meta">#</span><span class="bash"> 7、设置hosts解析后，ping一下进行验证</span></span><br><span class="line">ping controller</span><br><span class="line">ping compute</span><br></pre></td></tr></table></figure>

<h5 id><a href="#" class="headerlink" title></a><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211220235540289.png" alt="image-20211220235540289"></h5><h5 id="1-3-5、安装Openstack源"><a href="#1-3-5、安装Openstack源" class="headerlink" title="1.3.5、安装Openstack源"></a>1.3.5、安装Openstack源</h5><p>由于发行版时间表不同，发行版将OpenStack包作为发行版的一部分发布，或者使用其他方法发布。在所有节点上执行这些过程。</p>
<p><em>Note：</em>此处描述的OpenStack包的设置需要在所有节点上完成:控制器、计算节点和块存储节点。</p>
<p><em>Warning：</em>在进一步操作之前，您的主机必须包含可用于发行版的基本安装包的最新版本。</p>
<p><em>Note：</em>禁用或删除任何自动更新服务，因为它们会影响OpenStack环境。</p>
<p><em>Warning：</em>我们建议在使用RDO包时禁用EPEL，因为EPEL中的更新会破坏向后兼容性。或者，最好使用yum-versionlock插件钉住包版本。</p>
<p>启用OpenStack存储库</p>
<p>在CentOS上，extras存储库提供了支持OpenStack存储库的RPM。CentOS默认包含了额外的存储库，所以您可以简单地安装这个包来启用OpenStack存储库。对于CentOS8，您还需要启用PowerTools存储库。</p>
<p><strong>安装Train release时，运行:</strong></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211221000151695.png" alt="image-20211221000151695"></p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 查看本地是否有openstack包</span></span><br><span class="line">yum list | grep openstack*</span><br><span class="line"><span class="meta">#</span><span class="bash"> 安装Train release时，运行</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 安装centos-release-openstack-train相关依赖包</span></span><br><span class="line">yum install centos-release-openstack-train -y</span><br><span class="line"><span class="meta">#</span><span class="bash"> 安装完成后可以查看一下安装的库</span></span><br><span class="line">cd /etc/yum.repos.d/</span><br><span class="line">ll</span><br><span class="line"><span class="meta">#</span><span class="bash"> 查看安装库的内核</span></span><br><span class="line">cat /etc/redhat-release</span><br><span class="line"><span class="meta">#</span><span class="bash"> 查看节点系统内核</span></span><br><span class="line">uname -a</span><br><span class="line"><span class="meta">#</span><span class="bash"> 升级（可选）</span></span><br><span class="line">yum upgrade</span><br><span class="line"><span class="meta">#</span><span class="bash"> 相关的依赖包安装之后，需要用什么就安装相应的源</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 为您的版本安装合适的OpenStack客户端</span></span><br><span class="line">yum install python-openstackclient -y</span><br><span class="line"><span class="meta">#</span><span class="bash"> RHEL和CentOS默认启用SELinux。安装OpenStack -selinux包，实现OpenStack服务的安全策略自动管理</span></span><br><span class="line">yum install openstack-selinux -y</span><br></pre></td></tr></table></figure>

<h5 id="1-3-6、安装配置数据库"><a href="#1-3-6、安装配置数据库" class="headerlink" title="1.3.6、安装配置数据库"></a>1.3.6、安装配置数据库</h5><p>多数OpenStack服务使用SQL数据库存储信息。数据库通常运行在<strong>控制节点</strong>上。本指南中的过程根据发行版使用MariaDB或MySQL。OpenStack服务还支持PostgreSQL等其他SQL数据库。</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、控制节点安装数据库（安装数据库客户端、服务端以及python2-PyMySQL操作数据库的模块）</span></span><br><span class="line">yum install mariadb mariadb-server python2-PyMySQL -y</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、创建并编辑/etc/my.cnf.d/openstack.cnf文件(备份/etc/my.cnf.d/现有配置文件)，完成如下操作:</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.1、创建[mysqld]区域，并将bind-address key设置为控制节点的管理IP地址，以便其他节点通过管理网络访问。设置额外的键以启用有用的选项和UTF-8字符集</span></span><br><span class="line">vi /etc/my.cnf.d/openstack.cnf</span><br><span class="line">[mysqld]</span><br><span class="line">bind-address = 192.168.147.8</span><br><span class="line"></span><br><span class="line">default-storage-engine = innodb</span><br><span class="line">innodb_file_per_table = on</span><br><span class="line">max_connections = 4096</span><br><span class="line">collation-server = utf8_general_ci</span><br><span class="line">character-set-server = utf8</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、完成安装</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.1、启动数据库服务，并将其配置为系统启动时自动启动</span></span><br><span class="line">systemctl enable mariadb.service</span><br><span class="line">systemctl start mariadb.service</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.2、运行mysql_secure_installation脚本初始化数据库服务。为数据库root帐户设置密码（回车 y 设置密码:123456 y n y y ）</span></span><br><span class="line">mysql_secure_installation</span><br><span class="line"><span class="meta">#</span><span class="bash"> 4、验证数据库是否可以登录</span></span><br><span class="line">mysql -p</span><br><span class="line">quit</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211221220650498.png" alt="image-20211221220650498"></p>
<h5 id="1-3-7、消息队列服务"><a href="#1-3-7、消息队列服务" class="headerlink" title="1.3.7、消息队列服务"></a>1.3.7、消息队列服务</h5><p>OpenStack通过消息队列来协调各服务之间的操作和状态信息。消息队列服务通常运行在<strong>控制节点</strong>上。OpenStack支持RabbitMQ、Qpid、ZeroMQ等消息队列服务。但是，大多数封装OpenStack的发行版都支持特定的消息队列服务。本指南实现了RabbitMQ消息队列服务，因为大多数发行版都支持它。</p>
<p>消息队列运行在控制节点上。</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、安装rabbitmq-server服务包</span></span><br><span class="line">yum install rabbitmq-server -y</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、启动消息队列服务，并将其配置为在系统启动时自动启动</span></span><br><span class="line">systemctl enable rabbitmq-server.service</span><br><span class="line">systemctl start rabbitmq-server.service</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、添加openstack用户，用合适的密码替换RABBIT_PASS（设置rabbitmq openstack用户密码：openstack123）</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> rabbitmqctl add_user openstack RABBIT_PASS</span></span><br><span class="line">rabbitmqctl add_user openstack openstack123</span><br><span class="line"><span class="meta">#</span><span class="bash"> 4、允许openstack用户进行配置、写、读访问</span></span><br><span class="line">rabbitmqctl set_permissions openstack &quot;.*&quot; &quot;.*&quot; &quot;.*&quot;</span><br><span class="line"><span class="meta">#</span><span class="bash"> 5、可以通过命令来查rabbitmq的帮助</span></span><br><span class="line">rabbitmqctl -h</span><br><span class="line">rabbitmqctl -h | grep user</span><br><span class="line">rabbitmqctl list_users</span><br><span class="line"><span class="meta">#</span><span class="bash"> 查看rabbitmq需要启动的服务(需要启动rabbitmq_management、rabbitmq_management_agent)</span></span><br><span class="line">rabbitmq-plugins list</span><br><span class="line"><span class="meta">#</span><span class="bash"> 启动rabbitmq_management和rabbitmq_management_agent服务</span></span><br><span class="line">rabbitmq-plugins enable rabbitmq_management rabbitmq_management_agent</span><br><span class="line"><span class="meta">#</span><span class="bash"> 6、启动完成后看看是否可以访问rabbitmq</span></span><br><span class="line">ss -tnl		# 查看服务端口</span><br><span class="line">hostname -I    # 查当前节点（控制节点）的IP</span><br><span class="line"><span class="meta">#</span><span class="bash"> 7、在浏览器中访问： http://192.168.147.8:15672/</span></span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211221221028972.png" alt="image-20211221221028972"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211221221724388.png" alt="image-20211221221724388"></p>
<h5 id="1-3-8、缓存服务"><a href="#1-3-8、缓存服务" class="headerlink" title="1.3.8、缓存服务"></a>1.3.8、缓存服务</h5><p>服务的身份验证机制使用Memcached来缓存令牌。memcached服务通常运行在<strong>控制节点</strong>上。对于生产部署，建议启用防火墙、身份验证和加密的组合来保护它。</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、安装memcached、python-memcached包</span></span><br><span class="line">yum install memcached python-memcached -y</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、编辑/etc/sysconfig/memcached文件，完成如下操作</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 配置服务使用控制节点的管理IP地址。使其他节点可以通过管理网络访问</span></span><br><span class="line">vi /etc/sysconfig/memcached</span><br><span class="line">CACHESIZE=&quot;1024&quot;</span><br><span class="line">OPTIONS=&quot;-l 127.0.0.1,::1,controller&quot;</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、完成安装</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 启动Memcached服务，并将其配置为在系统启动时自动启动</span></span><br><span class="line">systemctl enable memcached.service</span><br><span class="line">systemctl start memcached.service</span><br><span class="line"><span class="meta">#</span><span class="bash"> 4、查看缓存服务状态</span></span><br><span class="line">systemctl status memcached.service</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211221222153900.png" alt="image-20211221222153900"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211221222250749.png" alt="image-20211221222250749"></p>
<h4 id="1-4、compute节点上的基本服务配置"><a href="#1-4、compute节点上的基本服务配置" class="headerlink" title="1.4、compute节点上的基本服务配置"></a>1.4、compute节点上的基本服务配置</h4><h5 id="1-4-1、配置compute节点网卡"><a href="#1-4-1、配置compute节点网卡" class="headerlink" title="1.4.1、配置compute节点网卡"></a>1.4.1、配置compute节点网卡</h5><p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211220225621315.png" alt="image-20211220225621315"></p>
<h5 id="1-4-2、关闭compute节点selinux和防火墙"><a href="#1-4-2、关闭compute节点selinux和防火墙" class="headerlink" title="1.4.2、关闭compute节点selinux和防火墙"></a>1.4.2、关闭compute节点selinux和防火墙</h5><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">sed -i &#x27;s/SELINUX=enforcing/SELINUX=disabled/g&#x27; /etc/selinux/config; systemctl stop firewalld; systemctl disable firewalld</span><br></pre></td></tr></table></figure>

<h5 id="1-4-3、修改compute节点主机名称"><a href="#1-4-3、修改compute节点主机名称" class="headerlink" title="1.4.3、修改compute节点主机名称"></a>1.4.3、修改compute节点主机名称</h5><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 修改compute节点主机名称</span></span><br><span class="line">hostnamectl set-hostname compute</span><br><span class="line"><span class="meta">#</span><span class="bash"> 查看hostname</span></span><br><span class="line">hostname</span><br><span class="line"><span class="meta">#</span><span class="bash"> 查看ip</span></span><br><span class="line">hostname -I</span><br><span class="line"><span class="meta">#</span><span class="bash"> 重新登录</span></span><br><span class="line">logout</span><br></pre></td></tr></table></figure>

<h5 id="1-4-4、配置compute节点时间服务器"><a href="#1-4-4、配置compute节点时间服务器" class="headerlink" title="1.4.4、配置compute节点时间服务器"></a>1.4.4、配置compute节点时间服务器</h5><p><strong>其它节点（compute节点）</strong></p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、设置hosts解析,在hosts文件中添加controller、compute节点的host解析</span></span><br><span class="line">vi /etc/hosts</span><br><span class="line"><span class="meta">#</span><span class="bash"> 添加controller、compute节点的host解析</span></span><br><span class="line">controller节点的IP controller</span><br><span class="line">compute节点的IP compute</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、设置hosts解析后，ping一下进行验证</span></span><br><span class="line">ping controller</span><br><span class="line">ping compute</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、安装Chrony包</span></span><br><span class="line">yum install chrony</span><br><span class="line"><span class="meta">#</span><span class="bash"> 4.1、编辑chrony.conf文件，并根据环境的需要添加、更改或删除以下键</span></span><br><span class="line">vi /etc/chrony.conf</span><br><span class="line"><span class="meta">#</span><span class="bash"> 4.2、从节点（其它节点）根据控制节点来设置，因为控制节点已经做了hosts解析，所以直接填主机的名称即可。其它不用设置</span></span><br><span class="line">server controller iburst</span><br><span class="line"><span class="meta">#</span><span class="bash"> 5、配置完成后，重启chrony配置文件 d表示守护进程</span></span><br><span class="line">systemctl restart chronyd</span><br><span class="line"><span class="meta">#</span><span class="bash"> 6、同步时间</span></span><br><span class="line">chronyc sources -v</span><br><span class="line"><span class="meta">#</span><span class="bash"> 7、date查看时间，与互联网时间比较</span></span><br><span class="line">date</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211221001221270.png" alt="image-20211221001221270"></p>
<h5 id="1-4-5、安装Openstack源"><a href="#1-4-5、安装Openstack源" class="headerlink" title="1.4.5、安装Openstack源"></a>1.4.5、安装Openstack源</h5><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 查看本地是否有openstack包</span></span><br><span class="line">yum list | grep openstack*</span><br><span class="line"><span class="meta">#</span><span class="bash"> 安装Train release时，运行</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 安装centos-release-openstack-train相关依赖包</span></span><br><span class="line">yum install centos-release-openstack-train -y</span><br><span class="line"><span class="meta">#</span><span class="bash"> 安装完成后可以查看一下安装的库</span></span><br><span class="line">cd /etc/yum.repos.d/</span><br><span class="line">ll</span><br><span class="line"><span class="meta">#</span><span class="bash"> 查看安装库的内核</span></span><br><span class="line">cat /etc/redhat-release</span><br><span class="line"><span class="meta">#</span><span class="bash"> 查看节点系统内核</span></span><br><span class="line">uname -a</span><br><span class="line"><span class="meta">#</span><span class="bash"> 升级（可选）</span></span><br><span class="line">yum upgrade</span><br><span class="line"><span class="meta">#</span><span class="bash"> 相关的依赖包安装之后，需要用什么就安装相应的源</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 比如安装OpenStack客户端以及安装OpenStack -selinux包，实现OpenStack服务的安全策略自动管理</span></span><br><span class="line">yum install python-openstackclient openstack-selinux -y</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211221000130660.png" alt="image-20211221000130660"></p>
<h3 id="二、认证服务—keystone安装"><a href="#二、认证服务—keystone安装" class="headerlink" title="二、认证服务—keystone安装"></a>二、认证服务—keystone安装</h3><p>OpenStack系统由几个关键服务组成，分别安装。这些服务根据您的云需求协同工作，包括计算、身份、网络、图像、块存储、对象存储、遥测、编排和数据库服务（Compute, Identity, Networking, Image, Block Storage, Object Storage, Telemetry, Orchestration, and Database services）。您可以单独安装这些项目中的任何一个，并将它们配置为独立的或连接的实体。</p>
<p>此章节介绍在<strong>控制节点</strong>上安装和配置OpenStack Identity服务keystone的操作步骤。出于可伸缩性的目的，此配置部署了Fernet令牌和Apache HTTP服务器来处理请求。</p>
<p>本指南将向您展示如何使用 Red Hat Enterprise Linux或CentOS上可用的包安装 Keystone，以及如何通过 RDO (远程数据对象)存储库安装它的衍生产品。包括配置选项和示例配置文件的说明。</p>
<h4 id="2-1、认证服务概述"><a href="#2-1、认证服务概述" class="headerlink" title="2.1、认证服务概述"></a>2.1、认证服务概述</h4><p>OpenStack Identity 服务为管理身份验证、授权和服务目录提供了一个集成点。</p>
<p>Identity 服务通常是用户交互的第一个服务。一旦经过身份验证，最终用户可以使用他们的身份访问其他 OpenStack 服务。同样，其他 OpenStack 服务利用 Identity 服务来确保用户是他们所说的那个人，并发现部署中其他服务的位置。Identity 服务还可以与一些外部用户管理系统(如 LDAP)集成。</p>
<p>用户和服务可以通过使用由 Identity 服务管理的服务目录来定位其他服务。顾名思义，服务目录是 OpenStack 部署中可用服务的集合。每个服务可以有一个或多个端点，每个端点可以是三种类型之一: <strong>管理、内部或公共。在生产环境中，出于安全原因，不同的端点类型可能驻留在公开给不同类型用户的独立网络中。例如，公共 API 网络可能在互联网上可见，因此客户可以管理他们的云。管理 API 网络可能仅限于组织内管理云基础设施的运营商。内部 API 网络可能仅限于包含 OpenStack 服务的主机。</strong>另外，OpenStack 支持多个区域的可伸缩性。为简单起见，本指南使用所有端点类型和缺省 RegionOne 区域的管理网络。在 Identity 服务中创建的区域、服务和端点组成了部署的服务目录。部署中的每个 OpenStack 服务都需要一个服务条目，并在 Identity 服务中存储相应的端点。这些都可以在安装和配置了 Identity 服务之后完成。</p>
<p><strong>Identity 服务包含以下组件:</strong></p>
<ul>
<li><p><strong>Server</strong>：集中式服务器使用 RESTful 接口提供身份验证和授权服务。</p>
</li>
<li><p><strong>Drivers</strong>：驱动程序或服务后端集成到集中服务器。它们用于访问 OpenStack 外部存储库中的身份信息，并且可能已经存在于部署 OpenStack 的基础结构中(例如，SQL 数据库或 LDAP 服务器)。</p>
</li>
<li><p><strong>Modules</strong>：中间件模块在使用 Identity 服务的 OpenStack 组件的地址空间中运行。这些模块拦截服务请求，提取用户凭据，并将它们发送到集中的服务器进行授权。中间件模块和 OpenStack 组件之间的集成使用 Python/Web服务器网关接口。</p>
</li>
</ul>
<h4 id="2-2、安装配置准备工作"><a href="#2-2、安装配置准备工作" class="headerlink" title="2.2、安装配置准备工作"></a>2.2、安装配置准备工作</h4><p>在安装和配置Identity服务之前，必须创建一个数据库。</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、以root用户连接数据库服务器（密码：123456）</span></span><br><span class="line">mysql -p123456</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、创建keystone数据库</span></span><br><span class="line">CREATE DATABASE keystone;</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、将keystone数据库的所有权限都授予keystone用户（密码：KEYSTONE123）</span></span><br><span class="line">GRANT ALL PRIVILEGES ON keystone.* TO &#x27;keystone&#x27;@&#x27;%&#x27; IDENTIFIED BY &#x27;KEYSTONE123&#x27;;</span><br><span class="line"><span class="meta">#</span><span class="bash"> 4、退出数据库访问</span></span><br><span class="line">quit</span><br></pre></td></tr></table></figure>

<h4 id="2-3、安装配置"><a href="#2-3、安装配置" class="headerlink" title="2.3、安装配置"></a>2.3、安装配置</h4><p>默认配置文件因分布而异。您可能需要添加这些部分和选项，而不是修改现有的部分和选项。</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、运行以下命令安装包</span></span><br><span class="line">yum install openstack-keystone httpd mod_wsgi -y</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、编辑/etc/keystone/keystone.conf文件，完成如下操作:</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.1、在[database]部分中，配置数据库访问（/\[database]）</span></span><br><span class="line">yum -y install vim  # 安装vim</span><br><span class="line">vim /etc/keystone/keystone.conf</span><br><span class="line">[database]</span><br><span class="line">connection = mysql+pymysql://keystone:KEYSTONE123@controller/keystone</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.2、在[token]部分，配置Fernet令牌提供商</span></span><br><span class="line">[token]</span><br><span class="line">provider = fernet</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、创建Identity服务数据库相关的数据表.创建完成后可以登录MySQL数据库，切换到keystone数据库，查看其中是否有表</span></span><br><span class="line">su -s /bin/sh -c &quot;keystone-manage db_sync&quot; keystone</span><br><span class="line"></span><br><span class="line">mysql -p123456</span><br><span class="line">use keystone</span><br><span class="line">show tables;</span><br><span class="line">quit</span><br><span class="line"><span class="meta">#</span><span class="bash"> 4、初始化Fernet密钥库</span></span><br><span class="line">keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone</span><br><span class="line">keystone-manage credential_setup --keystone-user keystone --keystone-group keystone</span><br><span class="line"><span class="meta">#</span><span class="bash"> 5、引导Identity服务</span></span><br><span class="line">keystone-manage bootstrap --bootstrap-password admin --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211222011150129.png" alt="image-20211222011150129"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223203544589.png" alt="image-20211223203544589"></p>
<h4 id="2-4、配置Apache-HTTP服务器"><a href="#2-4、配置Apache-HTTP服务器" class="headerlink" title="2.4、配置Apache HTTP服务器"></a>2.4、配置Apache HTTP服务器</h4><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、编辑/etc/httpd/conf/httpd.conf文件并配置ServerName选项以引用控制节点</span></span><br><span class="line">vi /etc/httpd/conf/httpd.conf</span><br><span class="line">ServerName controller</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、创建到/usr/share/keystone/wsgi-keystone.conf文件的链接</span></span><br><span class="line">ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、启动Apache HTTP服务，并将其配置为在系统启动时自动启动</span></span><br><span class="line">systemctl enable httpd.service; systemctl start httpd.service</span><br><span class="line"><span class="meta">#</span><span class="bash"> 4、检查服务</span></span><br><span class="line">systemctl status httpd</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211222011443038.png" alt="image-20211222011443038"></p>
<h4 id="2-5、配置keystone的管理帐户"><a href="#2-5、配置keystone的管理帐户" class="headerlink" title="2.5、配置keystone的管理帐户"></a>2.5、配置keystone的管理帐户</h4><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 5、配置管理帐户.创建bash脚本，将配置写入，以便下次调用执行</span></span><br><span class="line">vim admin.sh</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash">!/bin/bash</span></span><br><span class="line">export OS_USERNAME=admin</span><br><span class="line">export OS_PASSWORD=admin</span><br><span class="line">export OS_PROJECT_NAME=admin</span><br><span class="line">export OS_USER_DOMAIN_NAME=Default</span><br><span class="line">export OS_PROJECT_DOMAIN_NAME=Default</span><br><span class="line">export OS_AUTH_URL=http://controller:5000/v3</span><br><span class="line">export OS_IDENTITY_API_VERSION=3</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 6、执行 admin.sh bash脚本</span></span><br><span class="line">source admin.sh</span><br><span class="line"><span class="meta">#</span><span class="bash"> 7、查看Keystone服务列表,服务的地址(Openstack中称为Endpoint)</span></span><br><span class="line">openstack endpoint list</span><br><span class="line"><span class="meta">#</span><span class="bash"> 8、使用openstack命令获取（id的值就是token）,openstack服务通过token来调用资源</span></span><br><span class="line">openstack token issue</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211222143044080.png" alt="image-20211222143044080"></p>
<h4 id="2-6、创建域、项目、用户和角色"><a href="#2-6、创建域、项目、用户和角色" class="headerlink" title="2.6、创建域、项目、用户和角色"></a>2.6、创建域、项目、用户和角色</h4><p>Identity 服务为每个 OpenStack 服务提供身份验证服务。身份验证服务使用域、项目、用户和角色的组合。</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、虽然“default”域已经存在于本指南中的 keystone-manage 引导步骤中，但创建新域的正式方法是：</span></span><br><span class="line">openstack domain create --description &quot;An Example Domain&quot; example</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、本指南使用一个服务项目，该项目包含添加到环境中的每个服务的唯一用户。创建服务项目</span></span><br><span class="line">openstack project create --domain default --description &quot;Service Project&quot; service</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、常规(非管理)任务应该使用非特权项目和用户。例如，本指南创建 myproject 项目和 myuser</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.1、创建 myproject 项目</span></span><br><span class="line">openstack project create --domain default --description &quot;Demo Project&quot; myproject</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.2、创建 myuser（需要设置密码：myuser）</span></span><br><span class="line">openstack user create --domain default --password-prompt myuser</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.3、创建myuser用户的角色</span></span><br><span class="line">openstack role create myrole</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.4、将 myrole 角色分配给 myproject 项目和 myuser用户</span></span><br><span class="line">openstack role add --project myproject --user myuser myrole</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223142118039.png" alt="image-20211223142118039"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223142211513.png" alt="image-20211223142211513"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223142307237.png" alt="image-20211223142307237"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223142810955.png" alt="image-20211223142810955"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223142841853.png" alt="image-20211223142841853"></p>
<h4 id="2-7、验证操作"><a href="#2-7、验证操作" class="headerlink" title="2.7、验证操作"></a>2.7、验证操作</h4><p>在安装其他服务之前，验证Identity服务的操作。在控制器节点上执行这些命令。</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、取消临时的 OS/auth/url 和 OS/password/环境变量</span></span><br><span class="line">unset OS_AUTH_URL OS_PASSWORD</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、以管理员用户请求一个身份验证令牌（此命令使用管理员用户的密码：admin）</span></span><br><span class="line">openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue</span><br><span class="line"><span class="meta">#</span><span class="bash"> 以在前一节中创建的 myuser用户，请求一个身份验证标记（此命令需要使用myuser用户密码：myuser）</span></span><br><span class="line">openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223143232539.png" alt="image-20211223143232539"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223143730199.png" alt="image-20211223143730199"></p>
<h4 id="2-8、创建-OpenStack-客户端环境脚本"><a href="#2-8、创建-OpenStack-客户端环境脚本" class="headerlink" title="2.8、创建 OpenStack 客户端环境脚本"></a>2.8、创建 OpenStack 客户端环境脚本</h4><h5 id="2-8-1、创建脚本"><a href="#2-8-1、创建脚本" class="headerlink" title="2.8.1、创建脚本"></a>2.8.1、创建脚本</h5><p>前面的部分使用了环境变量和命令选项的组合，通过 openstack 客户机与 Identity 服务交互。为了提高客户端操作的效率，OpenStack 支持简单的客户端环境脚本，也称为 OpenRC 文件。这些脚本通常包含所有客户机的通用选项，但也支持唯一选项。</p>
<p>为管理和演示项目及用户创建客户端环境脚本。本指南的后续部分将引用这些脚本为客户端操作加载适当的凭据。</p>
<p>客户端环境脚本的路径是不受限制的。为了方便起见，您可以将脚本放在任何位置，但是要确保它们是可访问的，并且位于适合您部署的安全位置，因为它们确实包含敏感凭据。</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、创建并编辑 admin-openrc 文件，并添加以下内容:</span></span><br><span class="line">vim admin-openrc.sh</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash">!/bin/bash</span></span><br><span class="line">export OS_PROJECT_DOMAIN_NAME=Default</span><br><span class="line">export OS_USER_DOMAIN_NAME=Default</span><br><span class="line">export OS_PROJECT_NAME=admin</span><br><span class="line">export OS_USERNAME=admin</span><br><span class="line">export OS_PASSWORD=admin</span><br><span class="line">export OS_AUTH_URL=http://controller:5000/v3</span><br><span class="line">export OS_IDENTITY_API_VERSION=3</span><br><span class="line">export OS_IMAGE_API_VERSION=2</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、创建并编辑 myuser-openrc 文件，并添加以下内容：</span></span><br><span class="line">vim myuser-openrc.sh</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash">!/bin/bash</span></span><br><span class="line">export OS_PROJECT_DOMAIN_NAME=Default</span><br><span class="line">export OS_USER_DOMAIN_NAME=Default</span><br><span class="line">export OS_PROJECT_NAME=myproject</span><br><span class="line">export OS_USERNAME=myuser</span><br><span class="line">export OS_PASSWORD=myuser</span><br><span class="line">export OS_AUTH_URL=http://controller:5000/v3</span><br><span class="line">export OS_IDENTITY_API_VERSION=3</span><br><span class="line">export OS_IMAGE_API_VERSION=2</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223144714231.png" alt="image-20211223144714231"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223144927050.png" alt="image-20211223144927050"></p>
<h5 id="2-8-2、使用脚本"><a href="#2-8-2、使用脚本" class="headerlink" title="2.8.2、使用脚本"></a>2.8.2、使用脚本</h5><p>要将客户机作为特定的项目和用户运行，只需在运行之前加载相关的客户机环境脚本即可。例如:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、加载 admin-openrc 文件，用 Identity 服务的位置、 admin 项目和用户凭据填充环境变量</span></span><br><span class="line">source admin-openrc.sh</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、请求认证令牌</span></span><br><span class="line">openstack token issue</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223145521392.png" alt="image-20211223145521392"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223145702866.png" alt="image-20211223145702866"></p>
<h3 id="三、镜像服务—Glance安装"><a href="#三、镜像服务—Glance安装" class="headerlink" title="三、镜像服务—Glance安装"></a>三、镜像服务—Glance安装</h3><h4 id="3-1、镜像服务概述"><a href="#3-1、镜像服务概述" class="headerlink" title="3.1、镜像服务概述"></a>3.1、镜像服务概述</h4><p>Image服务(glance)允许用户发现、注册和检索虚拟机镜像。它提供了一个REST API，使您能够查询虚拟机镜像元数据并检索实际的镜像。您可以将通过Image服务提供的虚拟机镜像存储在各种位置，从简单的文件系统到像OpenStack Object Storage这样的对象存储系统。</p>
<p>为简单起见，本指南描述了如何配置Image服务以使用文件后端，文件后端上传并存储在托管Image服务的控制节点上的一个目录中。默认情况下，该目录为/var/lib/glance/images/。</p>
<p>在继续之前，请确保控制节点在这个目录中至少有几个G的可用空间。请记住，由于文件后端通常位于控制节点的本地，因此它通常不适合多节点glance部署。</p>
<p>OpenStack Image 服务是基础设施即服务(IaaS)的核心。它接受磁盘或服务器镜像的 API 请求，以及来自最终用户或 OpenStack Compute 组件的元数据定义。它还支持在各种存储库类型上存储磁盘或服务器镜像，包括 OpenStack 对象存储。</p>
<p>OpenStack镜像服务上运行大量的周期进程来支持缓存。同步服务通过集群确保一致性和可用性。其他周期性过程包括审计员、更新者和收割者。( Other periodic processes include auditors, updaters, and reapers.)</p>
<p><strong>OpenStack Image 服务包括以下组件:</strong></p>
<ul>
<li><p><strong>glance-api</strong>：调用镜像API来获取、检索和存储镜像。</p>
</li>
<li><p><strong>glance-registry</strong>：存储、处理和检索关于镜像的元数据。元数据包括大小和类型等项。注册表是 OpenStack Image 服务使用的私有内部服务。不要向用户公开此服务。（Queens 版本中已经被弃用）</p>
</li>
<li><p><strong>Database</strong>：存储镜像元数据，您可以根据自己的喜好选择数据库。大多数部署使用MySQL或SQLite。</p>
</li>
<li><p><strong>Metadata definition service</strong>：为供应商、管理员、服务和用户提供一个通用API，用于定义自己的自定义元数据。该元数据可以用于不同类型的资源，如镜像、工件（artifacts）、卷（volumes）和集料（aggregates）。定义包括新特性的键、描述、约束（key, description, constraints）以及可以与其关联的资源类型。</p>
</li>
</ul>
<h4 id="3-2、安装配置准备工作"><a href="#3-2、安装配置准备工作" class="headerlink" title="3.2、安装配置准备工作"></a>3.2、安装配置准备工作</h4><p>在安装和配置 Image 服务之前，必须创建数据库、服务凭据和 API 端点。</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、创建数据库，完成以下步骤:</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 1.1、使用数据库访问客户端作为root用户连接到数据库服务器</span></span><br><span class="line">mysql -p123456</span><br><span class="line"><span class="meta">#</span><span class="bash"> 1.2、创建创建glance数据库</span></span><br><span class="line">CREATE DATABASE glance;</span><br><span class="line"><span class="meta">#</span><span class="bash"> 1.3、授予对glance数据库的适当访问权限（设置账号：glance；密码：GLANCE123）</span></span><br><span class="line">GRANT ALL PRIVILEGES ON glance.* TO &#x27;glance&#x27;@&#x27;%&#x27; IDENTIFIED BY &#x27;GLANCE123&#x27;;</span><br><span class="line"><span class="meta">#</span><span class="bash"> 1.4、退出数据库访问客户端</span></span><br><span class="line">quit</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、获取管理员凭据以访问仅管理的CLI命令(可选)</span></span><br><span class="line">source admin-openrc.sh</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、创建服务凭据，完成以下步骤:</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.1、创建glance用户（设置密码：glance）</span></span><br><span class="line">openstack user create --domain default --password-prompt glance</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.2、将admin角色赋给glance用户和service项目中</span></span><br><span class="line">openstack role add --project service --user glance admin</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.3、创建glance服务实体</span></span><br><span class="line">openstack service create --name glance --description &quot;OpenStack Image&quot; image</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 4、创建Image服务API端点（endpoints）</span></span><br><span class="line">openstack endpoint create --region RegionOne image public http://controller:9292</span><br><span class="line">openstack endpoint create --region RegionOne image internal http://controller:9292</span><br><span class="line">openstack endpoint create --region RegionOne image admin http://controller:9292</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 5、查看服务API端点创建的结果</span></span><br><span class="line">openstack endpoint list</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223225405794.png" alt="image-20211223225405794"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223225604348.png" alt="image-20211223225604348"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223225806579.png" alt="image-20211223225806579"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223225927147.png" alt="image-20211223225927147"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223230041836.png" alt="image-20211223230041836"></p>
<h4 id="3-3、安装配置"><a href="#3-3、安装配置" class="headerlink" title="3.3、安装配置"></a>3.3、安装配置</h4><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、安装glance服务模块相关软件包</span></span><br><span class="line">yum install openstack-glance -y</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、编辑/etc/glance/glance-api.conf文件并完成以下操作:</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.1、在[database]部分，配置数据库访问（这里的密码是glance数据库glance用户的密码：GLANCE123）</span></span><br><span class="line">vim /etc/glance/glance-api.conf</span><br><span class="line"></span><br><span class="line">[database]</span><br><span class="line">connection = mysql+pymysql://glance:GLANCE123@controller/glance</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.2、在[keystone_authtoken]和[paste_deploy]部分中配置认证服务访问（注释掉或删除[keystone_authtoken]部分中的任何其他选项）这里的password是glance用户的密码</span></span><br><span class="line">[keystone_authtoken]</span><br><span class="line">www_authenticate_uri = http://controller:5000</span><br><span class="line">auth_url = http://controller:5000</span><br><span class="line">memcached_servers = controller:11211</span><br><span class="line">auth_type = password</span><br><span class="line">project_domain_name = Default</span><br><span class="line">user_domain_name = Default</span><br><span class="line">project_name = service</span><br><span class="line">username = glance</span><br><span class="line">password = glance</span><br><span class="line"></span><br><span class="line">[paste_deploy]</span><br><span class="line">flavor = keystone</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.3、在[glance_store]部分，配置本地文件系统存储和image文件的位置</span></span><br><span class="line">[glance_store]</span><br><span class="line">stores = file,http</span><br><span class="line">default_store = file</span><br><span class="line">filesystem_store_datadir = /var/lib/glance/images/</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、创建Image服务数据库</span></span><br><span class="line">su -s /bin/sh -c &quot;glance-manage db_sync&quot; glance</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 补充说明：可以通过tail命令查看日志</span></span><br><span class="line">tail -f /var/log/glance/api.log</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 4、启动Image服务，并配置它们在系统启动时自动启动</span></span><br><span class="line">systemctl enable openstack-glance-api.service</span><br><span class="line">systemctl start openstack-glance-api.service</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223230700554.png" alt="image-20211223230700554"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223230938217.png" alt="image-20211223230938217"></p>
<h4 id="3-4、验证操作"><a href="#3-4、验证操作" class="headerlink" title="3.4、验证操作"></a>3.4、验证操作</h4><p>使用 CirrOS 验证 Image 服务的操作，CirrOS 是一个小型的 Linux 映像，可以帮助您测试 OpenStack 部署。</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 在控制器节点上执行这些命令</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 1、获取管理员凭据以访问仅管理的CLI 命令（可选）</span></span><br><span class="line">source admin-openrc.sh</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、下载源镜像（如果你的发行版中没有包含wget，那么就要安装wget。或者直接访问地址使用迅雷下载，下载完成后可以用xFTP将镜像上次到root目录下）</span></span><br><span class="line">wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、使用qcow2磁盘格式、bare容器格式和公共可见性将镜像上传到Image服务，以便所有项目都能访问它</span></span><br><span class="line">glance image-create --name &quot;cirros&quot; --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 4、确认镜像上传和验证属性</span></span><br><span class="line">glance image-list</span><br><span class="line"><span class="meta">#</span><span class="bash"> 或者</span></span><br><span class="line">openstack image list</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223224759898.png" alt="image-20211223224759898"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223231300228.png" alt="image-20211223231300228"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211223231339920.png" alt="image-20211223231339920"></p>
<h3 id="四、placement服务—Placement安装"><a href="#四、placement服务—Placement安装" class="headerlink" title="四、placement服务—Placement安装"></a>四、placement服务—Placement安装</h3><h4 id="4-1、Placement服务概览"><a href="#4-1、Placement服务概览" class="headerlink" title="4.1、Placement服务概览"></a>4.1、Placement服务概览</h4><p>placement是从Nova 中分离出来的。placement API服务在14.0.0.0 Newton 版本中引入，并在19.0.0 Stein 版本中提取到新的placement存储库中。这是一个 REST API 堆栈和数据模型，用于跟踪资源提供者的清单和使用情况，以及不同类别的资源。例如，资源提供者可以是计算节点、共享存储池或 IP分配池。placement服务跟踪每个供应商的库存和使用情况。例如，在计算节点上创建的实例可能是来自计算节点资源提供程序的RAM和CPU等资源的消费者、来自外部共享存储池资源提供程序的磁盘以及来自外部IP池资源提供程序的IP地址。</p>
<p>消耗的资源类型被作为<code>classes</code>进行跟踪。。该服务提供了一组标准资源类(例如 <code>DISK_GB</code>, <code>MEMORY_MB</code>和 <code>VCPU</code>) ，并提供了根据需要定义自定义资源类的能力。</p>
<p>每个资源提供者也可能有一组描述资源提供者定性方面的特征。Traits 描述了资源提供者的一个方面，这个方面本身不能被使用，但是工作负载可能希望指定。例如，可用的磁盘可能是固态驱动器(SSD)。</p>
<h4 id="4-2、部署步骤概述"><a href="#4-2、部署步骤概述" class="headerlink" title="4.2、部署步骤概述"></a>4.2、部署步骤概述</h4><h5 id="4-2-1、部署API服务"><a href="#4-2-1、部署API服务" class="headerlink" title="4.2.1、部署API服务"></a>4.2.1、部署API服务</h5><p>Placement为使用Apache、nginx或其他支持WSGI的web服务器运行服务提供了Placement-apiwsgi脚本。根据用于部署OpenStack的打包解决方案的不同，WSGI脚本可能位于/usr/bin或/usr/local/bin中。</p>
<p>Placement-api作为标准的WSGI脚本，提供了大多数WSGI服务器期望找到的模块级应用程序属性。这意味着可以使用许多不同的服务器来运行它，从而在不同的部署场景中提供灵活性。常见的情况包括:</p>
<ul>
<li><a target="_blank" rel="noopener" href="http://httpd.apache.org/">apache2</a> with <a target="_blank" rel="noopener" href="https://modwsgi.readthedocs.io/">mod_wsgi</a></li>
<li>apache2 with <a target="_blank" rel="noopener" href="http://uwsgi-docs.readthedocs.io/en/latest/Apache.html">mod_proxy_uwsgi</a></li>
<li><a target="_blank" rel="noopener" href="http://nginx.org/">nginx</a> with <a target="_blank" rel="noopener" href="http://uwsgi-docs.readthedocs.io/en/latest/Nginx.html">uwsgi</a></li>
<li>nginx with <a target="_blank" rel="noopener" href="http://gunicorn.org/">gunicorn</a></li>
</ul>
<p>在所有这些场景中，应用程序的主机、端口和挂载路径(或前缀)由web服务器的配置控制，而不是由放置应用程序的配置(placement.conf)控制。</p>
<p>当placement首次添加到DevStack时，它使用mod _ wsgi风格。后来它被更新为使用<a target="_blank" rel="noopener" href="http://uwsgi-docs.readthedocs.io/en/latest/Apache.html">mod_proxy_uwsgi</a>。研究这些变化对于理解相关的选择是有用的。</p>
<p>默认情况下，布局应用程序将从/etc/placement/placement.conf 获得其设置的配置，例如数据库连接URL。可以通过在启动应用程序的进程的环境中设置OS_placement_config_dir来更改配置文件所在的目录。对于最近发布的oslo.config，还可以在环境中设置配置选项。</p>
<p>本文档避免为placement服务声明一组安装说明。这是因为使用WSGI应用程序的一个主要要点是使部署尽可能灵活。因为placement API 服务本身是无状态的(所有状态都在数据库中) ，所以可以在负载均衡解决方案背后部署任意数量的服务器，以实现健壮和简单的伸缩。如果您熟悉通用WSGI应用程序的安装(使用上面的常见场景列表中的链接) ，这些技术将在这里适用。</p>
<h5 id="4-2-2、同步数据库"><a href="#4-2-2、同步数据库" class="headerlink" title="4.2.2、同步数据库"></a>4.2.2、同步数据库</h5><p>placement服务使用它自己的数据库，在配置的place_database部分中定义。<a target="_blank" rel="noopener" href="https://docs.openstack.org/placement/stein/configuration/config.html#placement_database.connection"><code>placement_database.connection</code></a>选项必须设置否则服务将不启动。命令行工具 <a target="_blank" rel="noopener" href="https://docs.openstack.org/placement/stein/cli/placement-manage.html">placement-manage</a>可用于将数据库表迁移到正确的形式，包括创建它们。连接选项所描述的数据库必须已经存在，并且已经定义了适当的访问控制。</p>
<p>同步的另一个选项是在配置中设置 <a target="_blank" rel="noopener" href="https://docs.openstack.org/placement/stein/configuration/config.html#placement_database.sync_on_startup"><code>placement_database.sync_on_startup</code></a> 为True。这将在placement web 服务启动时执行任何缺少的数据库迁移。选择自动同步还是使用命令行工具取决于环境和部署工具的约束。</p>
<h5 id="4-2-3、创建账户并更新服务目录"><a href="#4-2-3、创建账户并更新服务目录" class="headerlink" title="4.2.3、创建账户并更新服务目录"></a>4.2.3、创建账户并更新服务目录</h5><p>在 Keystone 中创建一个具有管理员角色的placement服务用户。</p>
<p>placement API 是一个独立的服务，因此应该在服务目录中的placement服务类型下注册。placement的客户端(例如nova-compute节点中的资源跟踪器)将使用服务目录来查找placement端点。</p>
<h4 id="4-3、安装配置准备工作"><a href="#4-3、安装配置准备工作" class="headerlink" title="4.3、安装配置准备工作"></a>4.3、安装配置准备工作</h4><p>在安装和配置置入服务之前，必须创建数据库、服务凭据和 API 端点。</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、创建数据库</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 1.1、使用数据库访问客户端作为根用户连接到数据库服务器</span></span><br><span class="line">mysql -p123456</span><br><span class="line"><span class="meta">#</span><span class="bash"> 1.2、创建placement数据库</span></span><br><span class="line">CREATE DATABASE placement;</span><br><span class="line"><span class="meta">#</span><span class="bash"> 1.3、授予对placement数据库的适当访问权限（设置账号：placement；密码：PLACEMENT123）</span></span><br><span class="line">GRANT ALL PRIVILEGES ON placement.* TO &#x27;placement&#x27;@&#x27;%&#x27; IDENTIFIED BY &#x27;PLACEMENT123&#x27;;</span><br><span class="line"><span class="meta">#</span><span class="bash"> 1.4、退出</span></span><br><span class="line">quit</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、配置用户和端点Endpoints</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.1、获取管理员凭据以访问仅管理的CLI命令</span></span><br><span class="line">source admin-openrc.sh</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.2、创建placement用户（设置密码：placement）</span></span><br><span class="line">openstack user create --domain default --password-prompt placement</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.3、使用管理员角色将Placement用户添加到服务项目中</span></span><br><span class="line">openstack role add --project service --user placement admin</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.4、在服务目录中创建Placement API条目</span></span><br><span class="line">openstack service create --name placement --description &quot;Placement API&quot; placement</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.5、创建Placement API服务端点（端点的 URL 将根据您的环境而变化(可能是8780而不是8778，或者根本没有端口)和主机名）</span></span><br><span class="line">openstack endpoint create --region RegionOne placement public http://controller:8778</span><br><span class="line">openstack endpoint create --region RegionOne placement internal http://controller:8778</span><br><span class="line">openstack endpoint create --region RegionOne placement admin http://controller:8778</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211225174550470.png" alt="image-20211225174550470"> </p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211225182248840.png" alt="image-20211225182248840"></p>
<h4 id="4-4、安装配置"><a href="#4-4、安装配置" class="headerlink" title="4.4、安装配置"></a>4.4、安装配置</h4><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、安装openstack-placement-api软件包</span></span><br><span class="line">yum install openstack-placement-api -y</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、编辑/etc/placement/placement.conf文件并完成以下操作</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.1、在[placement_database]部分，配置数据库访问</span></span><br><span class="line">vim /etc/placement/placement.conf</span><br><span class="line"></span><br><span class="line">[placement_database]</span><br><span class="line">connection = mysql+pymysql://placement:PLACEMENT123@controller/placement</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.2、在[api]和[keystone_authtoken]部分配置Identity服务访问</span></span><br><span class="line">[api]</span><br><span class="line">auth_strategy = keystone</span><br><span class="line"></span><br><span class="line">[keystone_authtoken]</span><br><span class="line">auth_url = http://controller:5000/v3</span><br><span class="line">memcached_servers = controller:11211</span><br><span class="line">auth_type = password</span><br><span class="line">project_domain_name = Default</span><br><span class="line">user_domain_name = Default</span><br><span class="line">project_name = service</span><br><span class="line">username = placement</span><br><span class="line">password = placement</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.3、由于打包错误，您必须通过将以下配置添加到/etc/httpd/conf.d/00-placement-api.conf来启用对 Placement API的访问（加到最后）</span></span><br><span class="line">vim /etc/httpd/conf.d/00-placement-api.conf</span><br><span class="line"></span><br><span class="line">&lt;Directory /usr/bin&gt;</span><br><span class="line">   &lt;IfVersion &gt;= 2.4&gt;</span><br><span class="line">      Require all granted</span><br><span class="line">   &lt;/IfVersion&gt;</span><br><span class="line">   &lt;IfVersion &lt; 2.4&gt;</span><br><span class="line">      Order allow,deny</span><br><span class="line">      Allow from all</span><br><span class="line">   &lt;/IfVersion&gt;</span><br><span class="line">&lt;/Directory&gt;</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、创建placement服务数据库</span></span><br><span class="line">su -s /bin/sh -c &quot;placement-manage db sync&quot; placement</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 4、重新启动httpd服务</span></span><br><span class="line">systemctl restart httpd</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 查看Apache服务版本号</span></span><br><span class="line">httpd -v</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211225182956725.png" alt="image-20211225182956725"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211225183328021.png" alt="image-20211225183328021"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211225185151784.png" alt="image-20211225185151784"></p>
<h4 id="4-5、验证操作"><a href="#4-5、验证操作" class="headerlink" title="4.5、验证操作"></a>4.5、验证操作</h4><p>检查placement服务的运行情况</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、获取管理员凭据以访问仅管理的CLI命令</span></span><br><span class="line">source admin-openrc.sh</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、执行状态检查以确保一切正常</span></span><br><span class="line">placement-status upgrade check</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、针对placement API运行一些命令</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.1、安装osc-placement插件（没有安装pip的话，先安装epel软件源，再安装pip）</span></span><br><span class="line">yum -y install epel-release</span><br><span class="line">yum -y install python-pip</span><br><span class="line">pip install osc-placement</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.2、列出可用的资源类别和特性</span></span><br><span class="line">openstack --os-placement-api-version 1.2 resource class list --sort-column name</span><br><span class="line">openstack --os-placement-api-version 1.6 trait list --sort-column name</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211225183447370.png" alt="image-20211225183447370"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211225184832138.png" alt="image-20211225184832138"></p>
<h3 id="五、计算服务—nova安装"><a href="#五、计算服务—nova安装" class="headerlink" title="五、计算服务—nova安装"></a>五、计算服务—nova安装</h3><h4 id="5-1、计算服务概览"><a href="#5-1、计算服务概览" class="headerlink" title="5.1、计算服务概览"></a>5.1、计算服务概览</h4><p>使用 OpenStack Compute 托管和管理云计算系统。OpenStack Compute 是基础设施即服务(IaaS)系统的主要部分。主要的模块是用 Python 实现的。</p>
<p>OpenStack Compute与OpenStack Identity交互以进行身份验证，OpenStack Placement用于资源库存跟踪和选择，OpenStack Image 服务用于磁盘和服务器镜像，OpenStack Dashboard 用于用户和管理界面。镜像访问受到项目和用户的限制; 每个项目的配额都是有限的(例如，实例数)。OpenStack Compute可以在标准硬件上水平伸缩，并下载镜像以启动实例。</p>
<p>OpenStack Compute由以下部分及其组件组成:</p>
<p><strong><code>nova-api</code> service</strong>：接受并响应最终用户的计算API调用。该服务支持OpenStack Compute API。它强制执行一些策略并启动大多数编排活动，例如运行实例。</p>
<p><strong><code>nova-api-metadata</code> service</strong>：接受实例的元数据请求。nova-api-metadata服务通常在多主机模式下运行nova-network安装时使用。</p>
<p><strong><code>nova-compute</code> service</strong>：通过hypervisor APIs创建和终止虚拟机实例的工作守护进程。例如:</p>
<ul>
<li>XenAPI for XenServer/XCP</li>
<li>libvirt for KVM or QEMU</li>
<li>VMwareAPI for VMware</li>
</ul>
<p>处理过程相当复杂。基本上，守护进程接受来自队列的操作，并执行一系列系统命令，例如启动一个KVM实例并更新其在数据库中的状态。</p>
<p><strong><code>nova-scheduler</code> service</strong>：从队列中获取虚拟机实例请求，并确定它在哪个计算机服务器主机上运行。</p>
<p><strong><code>nova-conductor</code> module</strong>：协调nova-compute服务和数据库之间的交互。它消除了nova compute服务对云数据库的直接访问。nova-conductor模块水平缩放。但是，不要将其部署在nova compute服务运行的节点上。</p>
<p><strong><code>nova-novncproxy</code> daemon</strong>：提供一个代理，用于通过VNC连接访问正在运行的实例。支持基于浏览器的novnc客户端。</p>
<p> <strong><code>nova-spicehtml5proxy</code> daemon</strong>：提供代理，用于通过SPICE连接访问正在运行的实例。支持基于浏览器的 html5客户端。</p>
<p> <strong><code>nova-xvpvncproxy</code> daemon</strong>：提供代理，用于通过VNC连接访问正在运行的实例。支持openstack特定的Java客户端。<font color="red">nova-xvpvnxproxy 自19.0.0(Stein)以来就已弃用，并将在即将发布的版本中删除。</font></p>
<p><strong>The queue</strong>：在守护进程之间传递消息的中央集线器。通常用RabbitMQ实现，但也有其他选项。</p>
<p><strong>SQL database</strong>：存储大多数云基础设施构建时和运行时的状态，包括:</p>
<ul>
<li>Available instance types：可用的实例类型</li>
<li>Instances in use：使用中的实例</li>
<li>Available networks：可用网络</li>
<li>Projects：项目</li>
</ul>
<p>理论上，OpenStack Compute可以支持SQLAlchemy支持的任何数据库。常见的数据库有sqlite3用于测试和开发工作、MySQL、MariaDB 和PostgreSQL。</p>
<p><font color="red">以下操作需要注意具体是在哪个节点操作的！！！</font></p>
<h4 id="5-2、安装配置准备工作（控制节点）"><a href="#5-2、安装配置准备工作（控制节点）" class="headerlink" title="5.2、安装配置准备工作（控制节点）"></a>5.2、安装配置准备工作（控制节点）</h4><p>在安装和配置Compute服务之前，必须创建数据库、服务凭据和API端点。</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、创建数据库，完成以下步骤:</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 1.1、使用数据库访问客户端作为root用户连接到数据库服务器</span></span><br><span class="line">mysql -p123456</span><br><span class="line"><span class="meta">#</span><span class="bash"> 1.2、创建nova api、nova和nova_cell0数据库</span></span><br><span class="line">CREATE DATABASE nova_api;</span><br><span class="line">CREATE DATABASE nova;</span><br><span class="line">CREATE DATABASE nova_cell0;</span><br><span class="line"><span class="meta">#</span><span class="bash"> 1.3、授予nova用户对nova api、nova和nova_cell0数据库的适当访问权限（设置账号：nova；密码：NOVA123）</span></span><br><span class="line">GRANT ALL PRIVILEGES ON nova_api.* TO &#x27;nova&#x27;@&#x27;%&#x27; IDENTIFIED BY &#x27;NOVA123&#x27;;</span><br><span class="line">GRANT ALL PRIVILEGES ON nova.* TO &#x27;nova&#x27;@&#x27;%&#x27; IDENTIFIED BY &#x27;NOVA123&#x27;;</span><br><span class="line">GRANT ALL PRIVILEGES ON nova_cell0.* TO &#x27;nova&#x27;@&#x27;%&#x27; IDENTIFIED BY &#x27;NOVA123&#x27;;</span><br><span class="line"><span class="meta">#</span><span class="bash"> 1.4、退出数据库访问客户端</span></span><br><span class="line">quit</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、获取管理员凭据以访问仅管理的CLI命令</span></span><br><span class="line">source admin-openrc.sh</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、创建Compute服务凭据</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.1、创建nova用户（设置密码：nova）</span></span><br><span class="line">openstack user create --domain default --password-prompt nova</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.2、将admin角色赋给nova用户和service项目中</span></span><br><span class="line">openstack role add --project service --user nova admin</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.3、创建nova服务实体</span></span><br><span class="line">openstack service create --name nova --description &quot;OpenStack Compute&quot; compute</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 4、创建Compute API服务端点</span></span><br><span class="line">openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1</span><br><span class="line">openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1</span><br><span class="line">openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211226155055340.png" alt="image-20211226155055340"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211226155310036.png" alt="image-20211226155310036"></p>
<h4 id="5-3、安装配置（控制节点）"><a href="#5-3、安装配置（控制节点）" class="headerlink" title="5.3、安装配置（控制节点）"></a>5.3、安装配置（控制节点）</h4><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br><span class="line">78</span><br><span class="line">79</span><br><span class="line">80</span><br><span class="line">81</span><br><span class="line">82</span><br><span class="line">83</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、安装openstack-nova-api、openstack-nova-conductor、openstack-nova-novncproxy、openstack-nova-scheduler软件包</span></span><br><span class="line">yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、编辑/etc/nova/nova.conf文件并完成以下操作</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.1、在[DEFAULT]部分，只启用计算和元数据api</span></span><br><span class="line">vim /etc/nova/nova.conf</span><br><span class="line"></span><br><span class="line">[DEFAULT]</span><br><span class="line">enabled_apis = osapi_compute,metadata</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.2、在[api_database]和[database]部分中，配置数据库访问</span></span><br><span class="line">[api_database]</span><br><span class="line">connection = mysql+pymysql://nova:NOVA123@controller/nova_api</span><br><span class="line"></span><br><span class="line">[database]</span><br><span class="line">connection = mysql+pymysql://nova:NOVA123@controller/nova</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.3、在[DEFAULT]部分，配置RabbitMQ消息队列访问</span></span><br><span class="line">[DEFAULT]</span><br><span class="line">transport_url = rabbit://openstack:openstack123@controller:5672/</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.4、在[api]和[keystone_authtoken]部分中，配置Identity服务访问</span></span><br><span class="line">[api]</span><br><span class="line">auth_strategy = keystone</span><br><span class="line"></span><br><span class="line">[keystone_authtoken]</span><br><span class="line">www_authenticate_uri = http://controller:5000/</span><br><span class="line">auth_url = http://controller:5000/</span><br><span class="line">memcached_servers = controller:11211</span><br><span class="line">auth_type = password</span><br><span class="line">project_domain_name = Default</span><br><span class="line">user_domain_name = Default</span><br><span class="line">project_name = service</span><br><span class="line">username = nova</span><br><span class="line">password = nova</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.5、在[DEFAULT]部分，配置 my_IP选项使用控制器节点的管理接口IP地址</span></span><br><span class="line">[DEFAULT]</span><br><span class="line">my_ip = 192.168.147.8</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.6、在[DEFAULT]部分，启用对网络服务的支持（默认情况下，Compute 使用内部防火墙驱动程序。由于 Networking 服务包含防火墙驱动程序，因此必须使用 nova.virt.firewall 禁用 Compute 防火墙驱动程序。防火墙驱动程序）</span></span><br><span class="line">[DEFAULT]</span><br><span class="line">use_neutron = true</span><br><span class="line">firewall_driver = nova.virt.firewall.NoopFirewallDriver</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.7、在[VNC]部分，将VNC代理配置为使用控制器节点的管理接口IP地址</span></span><br><span class="line">[vnc]</span><br><span class="line">enabled = true</span><br><span class="line"></span><br><span class="line">server_listen = $my_ip</span><br><span class="line">server_proxyclient_address = $my_ip</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.8、在[glance]部分中，配置Image服务API的位置</span></span><br><span class="line">[glance]</span><br><span class="line">api_servers = http://controller:9292</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.9、在[oslo_concurrency]部分，配置锁路径（python伪并发需要使用锁）</span></span><br><span class="line">[oslo_concurrency]</span><br><span class="line">lock_path = /var/lib/nova/tmp</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.10、在[placement]部分，配置对placement服务的访问</span></span><br><span class="line">[placement]</span><br><span class="line">region_name = RegionOne</span><br><span class="line">project_domain_name = Default</span><br><span class="line">project_name = service</span><br><span class="line">auth_type = password</span><br><span class="line">user_domain_name = Default</span><br><span class="line">auth_url = http://controller:5000/v3</span><br><span class="line">username = placement</span><br><span class="line">password = placement</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、创建nova-api数据库</span></span><br><span class="line">su -s /bin/sh -c &quot;nova-manage api_db sync&quot; nova</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 4、注册cell0数据库</span></span><br><span class="line">su -s /bin/sh -c &quot;nova-manage cell_v2 map_cell0&quot; nova</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 5、注册cell1 cell(单元格，cell是什么作用？？cell数据库则是用于保存创建失败且还没有确定位于哪个 cell 的虚机数据，比如当虚拟机调度失败时，该虚拟机数据就会被保存到cell数据库中。)</span></span><br><span class="line">su -s /bin/sh -c &quot;nova-manage cell_v2 create_cell --name=cell1 --verbose&quot; nova</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 6、创建nova数据库</span></span><br><span class="line">su -s /bin/sh -c &quot;nova-manage db sync&quot; nova</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 7、验证nova cell0和cell1是否正确注册</span></span><br><span class="line">su -s /bin/sh -c &quot;nova-manage cell_v2 list_cells&quot; nova</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 8、启动Compute服务，并配置它们在系统启动时自启动</span></span><br><span class="line">systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service</span><br><span class="line">systemctl start openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 可以查看一下日志</span></span><br><span class="line">tail -f /var/log/nova/*.log</span><br></pre></td></tr></table></figure>

<p>cell作用参考：<a target="_blank" rel="noopener" href="https://blog.csdn.net/Lihuihui006/article/details/112035435?spm=1001.2101.3001.6661.1&amp;utm_medium=distribute.pc_relevant_t0.none-task-blog-2~default~CTRLIST~default-1.essearch_pc_relevant&amp;depth_1-utm_source=distribute.pc_relevant_t0.none-task-blog-2~default~CTRLIST~default-1.essearch_pc_relevant">https://blog.csdn.net/Lihuihui006/article/details/112035435?spm=1001.2101.3001.6661.1&amp;utm_medium=distribute.pc_relevant_t0.none-task-blog-2%7Edefault%7ECTRLIST%7Edefault-1.essearch_pc_relevant&amp;depth_1-utm_source=distribute.pc_relevant_t0.none-task-blog-2%7Edefault%7ECTRLIST%7Edefault-1.essearch_pc_relevant</a></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211226161733637.png" alt="image-20211226161733637"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211230093447265.png" alt="image-20211230093447265"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211230112252216.png" alt="image-20211230112252216"></p>
<h4 id="5-4、安装配置（计算节点）"><a href="#5-4、安装配置（计算节点）" class="headerlink" title="5.4、安装配置（计算节点）"></a>5.4、安装配置（计算节点）</h4><p>本节描述如何在计算节点上安装和配置Compute服务。该服务支持多个hypervisors来部署实例或虚拟机(vm)。为了简单起见，这个配置使用了Quick EMUlator (QEMU)hypervisor(管理程序)，并在计算节点上使用了基于内核的VM(KVM)扩展，这些计算节点支持虚拟机的虚拟硬件加速。在传统硬件上，这种配置使用通用QEMU hypervisor管理程序。您可以按照这些指令进行一些小的修改，以便使用附加的计算节点水平扩展环境。</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、安装openstack-nova-compute软件包</span></span><br><span class="line">yum install openstack-nova-compute -y</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、编辑/etc/nova/nova.conf文件并完成以下操作</span></span><br><span class="line">vim /etc/nova/nova.conf</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.1、在[DEFAULT]部分，只启用计算和元数据api</span></span><br><span class="line">[DEFAULT]</span><br><span class="line">enabled_apis = osapi_compute,metadata</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.2、在[DEFAULT]部分，配置RabbitMQ消息队列访问</span></span><br><span class="line">[DEFAULT]</span><br><span class="line">transport_url = rabbit://openstack:openstack123@controller</span><br><span class="line"><span class="meta">#</span><span class="bash">2.3、在[api]和[keystone_authtoken]部分中，配置Identity服务访问</span></span><br><span class="line">[api]</span><br><span class="line">auth_strategy = keystone</span><br><span class="line"></span><br><span class="line">[keystone_authtoken]</span><br><span class="line">www_authenticate_uri = http://controller:5000/</span><br><span class="line">auth_url = http://controller:5000/</span><br><span class="line">memcached_servers = controller:11211</span><br><span class="line">auth_type = password</span><br><span class="line">project_domain_name = Default</span><br><span class="line">user_domain_name = Default</span><br><span class="line">project_name = service</span><br><span class="line">username = nova</span><br><span class="line">password = nova</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.4、在[DEFAULT]部分，配置my_ip选项(compute节点的IP )</span></span><br><span class="line">[DEFAULT]</span><br><span class="line">my_ip = 192.168.147.9</span><br><span class="line"><span class="meta">#</span><span class="bash">2.5、在[DEFAULT]部分，启用对网络服务的支持（默认情况下，Compute使用内部防火墙服务。由于Networking包含防火墙服务，因此必须使用nova.virt.firewall禁用Compute防火墙服务。防火墙驱动程序）</span></span><br><span class="line">[DEFAULT]</span><br><span class="line">use_neutron = true</span><br><span class="line">firewall_driver = nova.virt.firewall.NoopFirewallDriver</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.6、在[vnc]部分，启用和配置远程控制台访问（服务器组件监听所有IP地址，而代理组件只监听计算节点的管理接口IP地址。基本URL表示可以使用web浏览器访问此计算节点上实例的远程控制台的位置。）</span></span><br><span class="line">[vnc]</span><br><span class="line">enabled = true</span><br><span class="line">server_listen = 0.0.0.0</span><br><span class="line">server_proxyclient_address = $my_ip</span><br><span class="line">novncproxy_base_url = http://controller:6080/vnc_auto.html</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.7、在[glance]部分中，配置Image服务API的位置</span></span><br><span class="line">[glance]</span><br><span class="line">api_servers = http://controller:9292</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.8、在[oslo_concurrency]部分，配置锁路径</span></span><br><span class="line">[oslo_concurrency]</span><br><span class="line">lock_path = /var/lib/nova/tmp</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.9、在[Placement]部分，配置Placement API</span></span><br><span class="line">[placement]</span><br><span class="line">region_name = RegionOne</span><br><span class="line">project_domain_name = Default</span><br><span class="line">project_name = service</span><br><span class="line">auth_type = password</span><br><span class="line">user_domain_name = Default</span><br><span class="line">auth_url = http://controller:5000/v3</span><br><span class="line">username = placement</span><br><span class="line">password = placement</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、确定计算节点是否支持虚拟机的硬件加速/值（如果这个命令返回一个或更多的值，你的计算节点支持硬件加速/值，这通常不需要额外的配置。如果这个命令返回的值为零，那么您的计算节点不支持硬件加速，您必须将libvirt配置为使用QEMU而不是KVM。）</span></span><br><span class="line">egrep -c &#x27;(vmx|svm)&#x27; /proc/cpuinfo</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> （根据情况选择是否执行）编辑/etc/nova/nova.conf文件中的[libvirt]部分，如下所示</span></span><br><span class="line">vim /etc/nova/nova.conf</span><br><span class="line"></span><br><span class="line">[libvirt]</span><br><span class="line">virt_type = qemu</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 4、启动Compute服务，包括它的依赖项，并配置它们在系统启动时自动启动</span></span><br><span class="line">systemctl enable libvirtd.service openstack-nova-compute.service</span><br><span class="line">systemctl start libvirtd.service openstack-nova-compute.service</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211226163807331.png" alt="image-20211226163807331"></p>
<h4 id="5-5、将计算节点添加到cell数据库（控制节点）"><a href="#5-5、将计算节点添加到cell数据库（控制节点）" class="headerlink" title="5.5、将计算节点添加到cell数据库（控制节点）"></a>5.5、将计算节点添加到cell数据库（控制节点）</h4><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、获取管理员凭据以启用仅管理的 CLI 命令，然后确认数据库中有计算主机</span></span><br><span class="line">source admin-openrc.sh</span><br><span class="line">openstack compute service list --service nova-compute</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、发现计算机主机</span></span><br><span class="line">su -s /bin/sh -c &quot;nova-manage cell_v2 discover_hosts --verbose&quot; nova</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、配置主机自动发现，这样就不需要每次都手动执行发现主机命令了</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 添加新的计算节点时，必须在控制器节点上运行nova-manage cell_v2 discover_hosts，以注册这些新的计算节点。或者，您可以在/etc/nova/nova.conf中设置适当的间隔自动发现主机</span></span><br><span class="line">vim /etc/nova/nova.conf</span><br><span class="line">[scheduler]</span><br><span class="line">discover_hosts_in_cells_interval = 300</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 4、重启nova服务</span></span><br><span class="line">systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211226164101747.png" alt="image-20211226164101747"></p>
<h4 id="5-6、验证操作（控制节点）"><a href="#5-6、验证操作（控制节点）" class="headerlink" title="5.6、验证操作（控制节点）"></a>5.6、验证操作（控制节点）</h4><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 验证计算机服务的操作</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 1、获取管理员凭据以访问仅管理的 CLI 命令</span></span><br><span class="line">source admin-openrc.sh</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、列出服务组件，以确认每个过程的成功启动和注册</span></span><br><span class="line">openstack compute service list</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、列出Identity服务中的API端点，以验证与Identity服务的连接性</span></span><br><span class="line">openstack catalog list</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 4、列出Image服务中的镜像，以验证与Image服务的连接性</span></span><br><span class="line">openstack image list</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 5、检查cells和placement API是否正常工作，以及其他必要的先决条件是否到位</span></span><br><span class="line">nova-status upgrade check</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211226164802177.png" alt="image-20211226164802177"></p>
<h3 id="六、网络服务—neutron安装"><a href="#六、网络服务—neutron安装" class="headerlink" title="六、网络服务—neutron安装"></a>六、网络服务—neutron安装</h3><p><font color="red">此章节配置文件较为复杂，建议在配置前先对各节点(控制节点、计算节点)创建快照。</font></p>
<h4 id="6-1、网络服务概述"><a href="#6-1、网络服务概述" class="headerlink" title="6.1、网络服务概述"></a>6.1、网络服务概述</h4><p>OpenStack Networking (neutron)允许您创建由其他OpenStack服务管理的接口设备并将其连接到网络。可以实现插件来适应不同的网络设备和软件，从而为OpenStack体系结构和部署提供灵活性。</p>
<p>它包括以下组成部分:</p>
<p><strong>neutron-server</strong>：接受API请求并将其路由到适当的OpenStack Networking插件以执行操作。</p>
<p><strong>OpenStack Networking plug-ins and agents</strong>：插拔端口，创建网络或子网，并提供IP地址。这些插件和代理根据特定云中使用的供应商和技术而有所不同。OpenStack Networking 提供了用于Cisco虚拟交换机和物理交换机、NEC OpenFlow产品、Open vSwitch、Linux bridging和VMware NSX产品的插件和代理。</p>
<p><strong>Messaging queue</strong> ：大多数OpenStack Networking安装使用它来在neutron-server和各种代理之间路由信息。它还充当数据库，用于存储特定插件的网络状态。</p>
<p>OpenStack Networking主要与OpenStack Compute交互，为其实例提供网络和连接。</p>
<h4 id="6-2、网络-neturon-概念"><a href="#6-2、网络-neturon-概念" class="headerlink" title="6.2、网络(neturon)概念"></a>6.2、网络(neturon)概念</h4><p>OpenStack Networking (neutron)管理OpenStack环境中虚拟网络基础设施(VNI)的所有网络方面和物理网络基础设施(PNI)的访问层方面。OpenStack Networking使项目能够创建高级虚拟网络拓扑，其中可能包括防火墙和虚拟专用网络(VPN)等服务。</p>
<p>Networking提供网络、子网和路由器作为对象抽象。每个抽象都具有模仿其物理对应物的功能: 网络包含子网，而路由器在不同的子网和网络之间路由流量。</p>
<p>任何给定的网络设置都至少有一个外部网络。与其他网络不同，外部网络不仅仅是一个虚拟定义的网络。相反，相反，它代表了在OpenStack安装之外可访问的物理外部网络的一部分的视图。外部网络上的任何人都可以访问外部网络上的IP地址。</p>
<p>除了外部网络，任何网络设置都有一个或多个内部网络。这些软件定义的网络直接连接到虚拟机。只有任何给定内部网络上的虚拟机，或者通过接口连接到类似路由器的子网上的虚拟机，才能直接访问连接到该网络的虚拟机。</p>
<p>对于外部网络访问虚拟机，反之亦然，网络之间的路由器是必需的。每个路由器都有一个连接到外部网络的网关和一个或多个连接到内部网络的接口。像物理路由器一样，子网可以访问连接到同一路由器的其他子网上的机器，机器可以通过路由器的网关访问外部网络。</p>
<p>此外，您可以将外部网络上的IP地址分配给内部网络上的端口。每当有东西连接到子网时，这个连接就被称为端口。您可以将外部网络IP地址与vm端口关联。这样，外部网络上的实体就可以访问虚拟机。</p>
<p>网络还支持安全组。安全组使管理员能够在组中定义防火墙规则。一个VM可以属于一个或多个安全组Networking应用这些安全组中的规则来阻止或取消阻止该VM的端口、端口范围或流量类型。</p>
<p>Networking使用的每个插件都有自己的概念。虽然对于操作虚拟网络基础设施(VNI)和OpenStack环境并不重要，但理解这些概念可以帮助您建立网络。所有网络安装都使用核心插件和安全组插件(或者只使用No-Op安全组插件)。此外，还可以使用防火墙即服务(FWaaS)。</p>
<p><font color="red">在进行下面的操作之前要确保已经配置了主机网络(控制节点、计算节点、块存储节点Optional)。具体参考第一章节：配置虚拟机与基本服务配置</font></p>
<h4 id="6-3、安装与配置准备工作（控制节点）"><a href="#6-3、安装与配置准备工作（控制节点）" class="headerlink" title="6.3、安装与配置准备工作（控制节点）"></a>6.3、安装与配置准备工作（控制节点）</h4><p>在配置OpenStack Networking (neutron)服务之前，必须创建数据库、服务凭据和API端点。</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、要创建数据库，请完成以下步骤</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 1.1、使用数据库访问客户端作为root用户连接到数据库服务器</span></span><br><span class="line">mysql -p123456</span><br><span class="line"><span class="meta">#</span><span class="bash"> 1.2、neutron</span></span><br><span class="line">CREATE DATABASE neutron;</span><br><span class="line"><span class="meta">#</span><span class="bash"> 1.3、授予neutron用户对neutron数据库的适当访问权限（设置账号：neutron；密码：NEUTRON123）</span></span><br><span class="line">GRANT ALL PRIVILEGES ON neutron.* TO &#x27;neutron&#x27;@&#x27;%&#x27; IDENTIFIED BY &#x27;NEUTRON123&#x27;;</span><br><span class="line"><span class="meta">#</span><span class="bash"> 1.4、退出</span></span><br><span class="line">quit</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、如果 非管理员则需要获取管理员凭据以访问仅管理的 CLI 命令</span></span><br><span class="line">source admin-openrc.sh</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、要创建服务凭据，请完成以下步骤:</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.1、创建neutron用户（设置密码：neutron）</span></span><br><span class="line">openstack user create --domain default --password-prompt neutron</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.2、将管理员角色赋给neutron用户</span></span><br><span class="line">openstack role add --project service --user neutron admin</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.3、创建neutron服务实体</span></span><br><span class="line">openstack service create --name neutron --description &quot;OpenStack Networking&quot; network</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 4、创建Networking服务API端点</span></span><br><span class="line">openstack endpoint create --region RegionOne network public http://controller:9696</span><br><span class="line">openstack endpoint create --region RegionOne network internal http://controller:9696</span><br><span class="line">openstack endpoint create --region RegionOne network admin http://controller:9696</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228101940489.png" alt="image-20211228101940489"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228104009222.png" alt="image-20211228104009222"></p>
<p><font color="red">配置网络选项：如前文“架构示例”中介绍，配置网络选项有2种（一种是提供商网络，一种是自助服务网络。可以使用备选方案1和备选方案2表示的两种体系结构之一部署Networking服务。)</font></p>
<p><font color="red">备选方案1部署最简单的体系结构，只支持将实例附加到提供者(外部)网络。没有自助(专用)网络、路由器或浮动IP地址。只有管理员或其他特权用户可以管理提供商网络。</font></p>
<p><font color="red">备选方案2增强了备选方案1，即支持将实例附加到自助服务网络的第三层服务。演示用户或其他无特权的用户可以管理自助服务网络，包括提供自助服务和提供者网络之间连接的路由器。此外，浮动IP地址从外部网络(如Internet)向使用自助服务网络的实例提供连接。</font></p>
<p><font color="red">自助服务网络通常使用overlay networks。overlay网络协议，如VXLAN，包括额外的报头，增加了开销，减少了有效载荷或用户数据的可用空间。在不了解虚拟网络基础设施的情况下，实例试图使用1500字节的默认以太网最大传输单元(MTU)发送数据包。网络服务通过DHCP自动向实例提供正确的MTU值。但是，有些云镜像不使用DHCP或忽略DHCP MTU选项，需要使用元数据或脚本进行配置。自助服务网络还支持将实例附加到提供者网络。</font></p>
<p><font color="red"><strong>在此选择备选方案1进行部署配置。</strong></font></p>
<h4 id="6-4、安装配置（控制节点）"><a href="#6-4、安装配置（控制节点）" class="headerlink" title="6.4、安装配置（控制节点）"></a>6.4、安装配置（控制节点）</h4><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br><span class="line">78</span><br><span class="line">79</span><br><span class="line">80</span><br><span class="line">81</span><br><span class="line">82</span><br><span class="line">83</span><br><span class="line">84</span><br><span class="line">85</span><br><span class="line">86</span><br><span class="line">87</span><br><span class="line">88</span><br><span class="line">89</span><br><span class="line">90</span><br><span class="line">91</span><br><span class="line">92</span><br><span class="line">93</span><br><span class="line">94</span><br><span class="line">95</span><br><span class="line">96</span><br><span class="line">97</span><br><span class="line">98</span><br><span class="line">99</span><br><span class="line">100</span><br><span class="line">101</span><br><span class="line">102</span><br><span class="line">103</span><br><span class="line">104</span><br><span class="line">105</span><br><span class="line">106</span><br><span class="line">107</span><br><span class="line">108</span><br><span class="line">109</span><br><span class="line">110</span><br><span class="line">111</span><br><span class="line">112</span><br><span class="line">113</span><br><span class="line">114</span><br><span class="line">115</span><br><span class="line">116</span><br><span class="line">117</span><br><span class="line">118</span><br><span class="line">119</span><br><span class="line">120</span><br><span class="line">121</span><br><span class="line">122</span><br><span class="line">123</span><br><span class="line">124</span><br><span class="line">125</span><br><span class="line">126</span><br><span class="line">127</span><br><span class="line">128</span><br><span class="line">129</span><br><span class="line">130</span><br><span class="line">131</span><br><span class="line">132</span><br><span class="line">133</span><br><span class="line">134</span><br><span class="line">135</span><br><span class="line">136</span><br><span class="line">137</span><br><span class="line">138</span><br><span class="line">139</span><br><span class="line">140</span><br><span class="line">141</span><br><span class="line">142</span><br><span class="line">143</span><br><span class="line">144</span><br><span class="line">145</span><br><span class="line">146</span><br><span class="line">147</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"><span class="comment">### 注意网络选择1: 提供商网络。在控制器节点上进行如下安装和配置网络组件 ####</span></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 1、安装组件</span></span><br><span class="line">yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、配置服务器组件，网络服务器组件配置包括数据库、身份验证机制、消息队列、拓扑更改通知和插件。</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.1、编辑/etc/neutron/neutron.conf 文件并完成以下操作:</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 在[database]部分，配置数据库访问:</span> </span><br><span class="line">vim /etc/neutron/neutron.conf</span><br><span class="line"></span><br><span class="line">[database]</span><br><span class="line">connection = mysql+pymysql://neutron:NEUTRON123@controller/neutron</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.2、在[DEFAULT]部分，启用模块化层2(ML2)插件并禁用其他插件</span></span><br><span class="line">[DEFAULT]</span><br><span class="line">core_plugin = ml2</span><br><span class="line">service_plugins =</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.3、在[DEFAULT]部分，配置RabbitMQ消息队列访问:</span></span><br><span class="line">[DEFAULT]</span><br><span class="line">transport_url = rabbit://openstack:openstack123@controller</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.4、在[DEFAULT]和[keystone_authtoken]部分中，配置身份服务访问:</span></span><br><span class="line">[DEFAULT]</span><br><span class="line">auth_strategy = keystone</span><br><span class="line"></span><br><span class="line">[keystone_authtoken]</span><br><span class="line">www_authenticate_uri = http://controller:5000</span><br><span class="line">auth_url = http://controller:5000</span><br><span class="line">memcached_servers = controller:11211</span><br><span class="line">auth_type = password</span><br><span class="line">project_domain_name = default</span><br><span class="line">user_domain_name = default</span><br><span class="line">project_name = service</span><br><span class="line">username = neutron</span><br><span class="line">password = neutron</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.5、在[DEFAULT]和[nova]部分中，配置网络以通知计算网络拓扑更改:</span></span><br><span class="line">[DEFAULT]</span><br><span class="line">notify_nova_on_port_status_changes = true</span><br><span class="line">notify_nova_on_port_data_changes = true</span><br><span class="line"></span><br><span class="line">[nova]</span><br><span class="line">auth_url = http://controller:5000</span><br><span class="line">auth_type = password</span><br><span class="line">project_domain_name = default</span><br><span class="line">user_domain_name = default</span><br><span class="line">region_name = RegionOne</span><br><span class="line">project_name = service</span><br><span class="line">username = nova</span><br><span class="line">password = nova</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.6、在[oslo_concurrency]部分，配置锁路径:</span></span><br><span class="line">[oslo_concurrency]</span><br><span class="line">lock_path = /var/lib/neutron/tmp</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、Configure the Modular Layer 2 (ML2) plug-in 配置模块化层2(ML2)插件</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> Ml2插件使用Linux 桥接机制为实例构建第2层(桥接和交换)虚拟网络基础设施（在配置ml2插件之后，删除type_drivers选项中的值可能会导致数据库不一致。）</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 编辑/etc/neutron/plugins/ml2/ml2_conf.ini文件并完成以下操作:</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 由于train版中ml2_conf.ini文件有缺失，可以访问以下地址将配置内容先复制然后覆盖train版中ml2_conf.ini文件，然后再修改。https://docs.openstack.org/ocata/config-reference/networking/samples/ml2_conf.ini.html</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.1、在[ml2]部分，启用flat和VLAN网络:</span></span><br><span class="line">vim /etc/neutron/plugins/ml2/ml2_conf.ini</span><br><span class="line"></span><br><span class="line">[ml2]</span><br><span class="line">type_drivers = flat,vlan</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.2、在[ml2]部分，禁用自助服务网络:</span></span><br><span class="line">[ml2]</span><br><span class="line">tenant_network_types =</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.3、在[ml2]部分，启用Linux桥接机制:</span></span><br><span class="line">[ml2]</span><br><span class="line">mechanism_drivers = linuxbridge</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.4、在[ml2]部分，启用端口安全扩展驱动程序:</span></span><br><span class="line">[ml2]</span><br><span class="line">extension_drivers = port_security</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.5、在[ml2_type_flat]部分，将提供者虚拟网络配置为扁平flat网络（注意flat_networks的值）:</span></span><br><span class="line">[ml2_type_flat]</span><br><span class="line"><span class="meta">#</span><span class="bash"> flat_networks = provider</span></span><br><span class="line">flat_networks = extnet</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.6、在[securitygroup]部分，启用ipset以提高安全组规则的效率:</span></span><br><span class="line">[securitygroup]</span><br><span class="line">enable_ipset = true</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 4、Configure the Linux bridge agent 配置Linux桥接代理</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> Linux桥代理为实例构建第2层(桥接和交换)虚拟网络基础设施，并处理安全组。</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 4.1、编辑/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件并完成以下操作:</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 同样由于train版中linuxbridge_agent.ini文件有缺失，可以访问以下地址将配置内容先复制郭爱丽覆盖train版中linuxbridge_agent.ini文件，然后再修改。https://docs.openstack.org/ocata/config-reference/networking/samples/linuxbridge_agent.ini.html（d+G全部删除快捷键）</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 在[linux_bridge]部分，将提供者虚拟网络映射到提供者物理网络接口:</span></span><br><span class="line">vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini</span><br><span class="line"></span><br><span class="line">[linux_bridge]</span><br><span class="line"><span class="meta">#</span><span class="bash"> physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME（需要绑定的网卡）</span></span><br><span class="line">physical_interface_mappings = extnet:ens33</span><br><span class="line"><span class="meta">#</span><span class="bash"> 4.2、在[VXLAN]部分，禁用VXLAN overlay网络:</span></span><br><span class="line">[vxlan]</span><br><span class="line">enable_vxlan = false</span><br><span class="line"><span class="meta">#</span><span class="bash"> 4.3、在[securitygroup]部分，启用安全组并配置Linux桥iptables防火墙驱动程序:</span></span><br><span class="line">[securitygroup]</span><br><span class="line">enable_security_group = true</span><br><span class="line">firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver</span><br><span class="line"><span class="meta">#</span><span class="bash"> 4.4、确保你的Linux操作系统内核支持网桥过滤器，验证所有以下sysctl值设置为1:(为了启用网桥支持，通常需要加载br_netfilter内核模块。)</span></span><br><span class="line">vim /etc/sysctl.conf</span><br><span class="line"></span><br><span class="line">net.bridge.bridge-nf-call-iptables = 1</span><br><span class="line">net.bridge.bridge-nf-call-ip6tables = 1</span><br><span class="line"><span class="meta">#</span><span class="bash"> 4.5、加载br_netfilter内核模块</span></span><br><span class="line">modprobe br_netfilter</span><br><span class="line"><span class="meta">#</span><span class="bash"> 加载完成后验证</span></span><br><span class="line">sysctl -p</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 5、Configure the DHCP agent 配置DHCP代理</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> DHCP代理为虚拟网络提供DHCP服务</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 5.1、编辑/etc/neutron/dhcp_agent.ini文件并完成以下操作:</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 在[DEFAULT]部分，配置Linux桥接口驱动程序，Dnsmasq DHCP驱动程序，并启用隔离的元数据，以便提供商网络上的实例可以通过网络访问元数据:</span></span><br><span class="line">vim /etc/neutron/dhcp_agent.ini</span><br><span class="line">[DEFAULT]</span><br><span class="line">interface_driver = linuxbridge</span><br><span class="line">dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq</span><br><span class="line">enable_isolated_metadata = true</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 6、配置元数据代理</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 元数据代理提供配置信息，例如对实例的凭据。</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 6.1、编辑/etc/neutron/metadata_agent.ini文件并完成以下操作:</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 在[DEFAULT]部分，配置元数据主机和共享密码:（设置元数据共享密码：METADATA123）</span></span><br><span class="line">vim /etc/neutron/metadata_agent.ini</span><br><span class="line">[DEFAULT]</span><br><span class="line">nova_metadata_host = controller</span><br><span class="line">metadata_proxy_shared_secret = METADATA123</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 7、将Compute服务配置为使用网络服务（必须安装Nova计算服务才能完成此步骤。）</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 7.1、编辑/etc/nova/nova.conf文件并执行以下操作:</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 在[neutron]部分，配置访问参数，启用元数据代理，并配置密码:（此处密码便是上面设置的元数据共享密码：METADATA123）</span></span><br><span class="line">vim /etc/nova/nova.conf</span><br><span class="line">[neutron]</span><br><span class="line">auth_url = http://controller:5000</span><br><span class="line">auth_type = password</span><br><span class="line">project_domain_name = default</span><br><span class="line">user_domain_name = default</span><br><span class="line">region_name = RegionOne</span><br><span class="line">project_name = service</span><br><span class="line">username = neutron</span><br><span class="line">password = neutron</span><br><span class="line">service_metadata_proxy = true</span><br><span class="line">metadata_proxy_shared_secret = METADATA123</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 8、完成安装</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 8.1、Networking服务初始化脚本期望有一个指向ml2插件配置文件/etc/neutron/plugin.ini的符号链接/etc/neutron/plugins/ML2/ML2_conf.Ini.如果这个符号链接不存在，使用以下命令创建它:</span></span><br><span class="line">ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini</span><br><span class="line"><span class="meta">#</span><span class="bash"> 8.2、创建neutron数据库（由于脚本需要完整的服务器配置文件和插件配置文件，因此网络的数据库填充稍后会发生。）</span></span><br><span class="line">su -s /bin/sh -c &quot;neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head&quot; neutron</span><br><span class="line"><span class="meta">#</span><span class="bash"> 8.3、重新启动Compute API服务:</span></span><br><span class="line">systemctl restart openstack-nova-api.service</span><br><span class="line"><span class="meta">#</span><span class="bash"> 8.4、启动Networking服务并将其配置为在系统启动时自动启动</span></span><br><span class="line">systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service</span><br><span class="line">systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228151823784.png" alt="image-20211228151823784"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228165304310.png" alt="image-20211228165304310"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228165745448.png" alt="image-20211228165745448"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211230112548717.png" alt="image-20211230112548717"></p>
<h4 id="6-5、安装配置（计算节点）"><a href="#6-5、安装配置（计算节点）" class="headerlink" title="6.5、安装配置（计算节点）"></a>6.5、安装配置（计算节点）</h4><p>计算节点处理实例的连接性和安全组。</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、安装组件</span></span><br><span class="line">yum install openstack-neutron-linuxbridge ebtables ipset -y</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、配置公共组件</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 网络通用组件配置包括身份验证机制、消息队列和插件。</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.1、编辑/etc/neutron/neutron.conf文件并完成以下操作:</span></span><br><span class="line">vim /etc/neutron/neutron.conf</span><br><span class="line"><span class="meta">#</span><span class="bash"> 在[database]部分中，注释掉任何连接选项，因为计算节点不直接访问数据库。</span></span><br><span class="line"><span class="meta">#</span><span class="bash"></span></span><br><span class="line"><span class="bash"><span class="comment"># 2.2、在[DEFAULT]部分，配置RabbitMQ消息队列访问:</span></span></span><br><span class="line">[DEFAULT]</span><br><span class="line">transport_url = rabbit://openstack:openstack123@controller</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.3、在[ DEFAULT ]和[keystone_authtoken]部分中，配置身份服务访问:(注释掉或删除[keystone_authtoken]部分中的任何其他选项。)</span></span><br><span class="line">[DEFAULT]</span><br><span class="line">auth_strategy = keystone</span><br><span class="line"></span><br><span class="line">[keystone_authtoken]</span><br><span class="line">www_authenticate_uri = http://controller:5000</span><br><span class="line">auth_url = http://controller:5000</span><br><span class="line">memcached_servers = controller:11211</span><br><span class="line">auth_type = password</span><br><span class="line">project_domain_name = default</span><br><span class="line">user_domain_name = default</span><br><span class="line">project_name = service</span><br><span class="line">username = neutron</span><br><span class="line">password = neutron</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.4、在[oslo_concurrency]部分，配置锁路径:</span></span><br><span class="line">[oslo_concurrency]</span><br><span class="line">lock_path = /var/lib/neutron/tmp</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、配置网络选项（与控制节点一样选择‘备选方案1：提供商网络’进行网络的配置）</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 配置Linux桥接代理</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.1、编辑/etc/neutron/plugins/ml2/linuxbridge_agent.ini 文件并完成以下操作:</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 在[linux_bridge]部分，将提供者虚拟网络映射到提供者物理网络接口:</span></span><br><span class="line">[linux_bridge]</span><br><span class="line"><span class="meta">#</span><span class="bash"> physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME</span></span><br><span class="line">physical_interface_mappings = extnet:ens33</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.2、在[VXLAN]部分，禁用VXLAN覆盖网络:</span></span><br><span class="line">[vxlan]</span><br><span class="line">enable_vxlan = false</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.3、在[securitygroup]部分，启用安全组并配置Linux桥iptables防火墙驱动程序：</span></span><br><span class="line">[securitygroup]</span><br><span class="line">enable_security_group = true</span><br><span class="line">firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.4、确保你的Linux操作系统内核支持网桥过滤器，验证所有以下sysctl值设置为1:</span></span><br><span class="line">vim /etc/sysctl.conf</span><br><span class="line"></span><br><span class="line">net.bridge.bridge-nf-call-iptables = 1</span><br><span class="line">net.bridge.bridge-nf-call-ip6tables = 1</span><br><span class="line"><span class="meta">#</span><span class="bash"> 3.5、加载br_netfilter内核模块</span></span><br><span class="line">modprobe br_netfilter</span><br><span class="line"><span class="meta">#</span><span class="bash"> 加载完成后验证</span></span><br><span class="line">sysctl -p</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 4、将Compute服务配置为使用网络服务</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 4.1、编辑/etc/nova/nova.conf 文件并完成以下操作:</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 在[neutron]部分，配置访问参数:</span></span><br><span class="line">vim /etc/nova/nova.conf</span><br><span class="line"></span><br><span class="line">[neutron]</span><br><span class="line">auth_url = http://controller:5000</span><br><span class="line">auth_type = password</span><br><span class="line">project_domain_name = default</span><br><span class="line">user_domain_name = default</span><br><span class="line">region_name = RegionOne</span><br><span class="line">project_name = service</span><br><span class="line">username = neutron</span><br><span class="line">password = neutron</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 5、完成安装</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 5.1、重新启动Compute服务:</span></span><br><span class="line">systemctl restart openstack-nova-compute.service</span><br><span class="line"><span class="meta">#</span><span class="bash"> 5.2、启动 Linux 桥代理，并配置它在系统启动时自动启动:</span></span><br><span class="line">systemctl enable neutron-linuxbridge-agent.service</span><br><span class="line">systemctl start neutron-linuxbridge-agent.service</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228222522675.png" alt="image-20211228222522675"></p>
<h4 id="6-6、验证操作（控制节点）"><a href="#6-6、验证操作（控制节点）" class="headerlink" title="6.6、验证操作（控制节点）"></a>6.6、验证操作（控制节点）</h4><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 在控制器节点上执行这些命令</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 1、获取管理员凭据以访问仅管理的 CLI 命令:</span></span><br><span class="line">source admin-openrc.sh</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、列出用于核实neutron-server程序成功启动的加载扩展程序:</span></span><br><span class="line">openstack extension list --network</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、验证提供商网络配置。列出代理以验证neutron代理的成功启动：（输出应该指示控制器节点上的三个代理和每个计算节点上的一个代理。）</span></span><br><span class="line">openstack network agent list</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228222716292.png" alt="image-20211228222716292"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228222916164.png" alt="image-20211228222916164"></p>
<h3 id="七、启动实例（命令行方式）"><a href="#七、启动实例（命令行方式）" class="headerlink" title="七、启动实例（命令行方式）"></a>七、启动实例（命令行方式）</h3><p>以上各模块都配置成功后，可以启动个实例。<font color="red">建议再次创建快照。</font></p>
<p>本节创建必要的虚拟网络以支持启动实例。网络选项1包括一个提供者(外部)网络和一个使用它的实例。<del>网络选项2包括一个提供者网络和一个使用该网络的实例，以及一个使用该网络的自助服务(专用)网络。</del></p>
<h4 id="7-1、创建提供者网络（控制节点）"><a href="#7-1、创建提供者网络（控制节点）" class="headerlink" title="7.1、创建提供者网络（控制节点）"></a>7.1、创建提供者网络（控制节点）</h4><p>为配置Neutron时选择的网络选项创建虚拟网络。如果选择选项1，则只创建提供程序网络。<del>如果选择了选项2，则创建提供者和自助服务网络。</del></p>
<p>在启动实例之前，必须创建必要的虚拟网络基础结构。对于网络选项1，实例使用通过第二层(桥接/交换)连接到物理网络基础设施的提供者(外部)网络。这个网络包括一个DHCP服务器，它为实例提供IP地址。</p>
<p>管理员或其他特权用户必须创建此网络，因为它直接连接到物理网络基础设施。下列说明和图表使用示例IP地址范围。必须根据特定环境调整它们。</p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228224401961.png" alt="image-20211228224401961"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228224518070.png" alt="image-20211228224518070"></p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 创建提供者网络</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 1、在控制节点上，获取管理凭据以访问仅管理的 CLI 命令:</span></span><br><span class="line">source admin-openrc.sh</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、创建网络</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> -- share 选项允许所有项目使用虚拟网络</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> --external选项将虚拟网络定义为外部的</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 如果你想创建一个内部网络，你可以使用--internal。默认值是内部的</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> --provider-physical-network provider 和 --provider-network-type flat 选项使用来自以下文件的信息将平面虚拟网络连接到主机eth1接口上的平面（本机/未标记）物理网络：</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> ml2_conf.ini:（在上文已经配置的内容）</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> [ml2_type_flat]</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> flat_networks = extnet</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> linuxbridge_agent.ini:（在上文已经配置的内容）</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> [linux_bridge]</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> physical_interface_mappings = extnet:ens33</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> openstack network create  --share --external --provider-physical-network provider --provider-network-type flat provider</span></span><br><span class="line"></span><br><span class="line">openstack network create --share --external --provider-physical-network extnet --provider-network-type flat flat-extnet</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、在网络上创建一个子网:</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 用CIDR表示法将PROVIDER_network_CIDR替换为PROVIDER物理网络上的子网</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 用要为实例分配的子网范围内的第一个和最后一个IP地址替换START_IP_ADDRESS和 END_IP_ADDRESS。此范围不能包括任何现有的活动IP地址。</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 将DNS_RESOLVER替换为DNS解析器的IP地址。在大多数情况下，您可以使用 /etc/resolv.conf文件中的一个主机。</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 将PROVIDER_NETWORK_GATEWAY替换为提供商网络上的网关IP地址，通常为“.1”IP地址。</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 例子：</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> provider network使用203.0.113.0/24，网关是203.0.113.1。DHCP服务器为每个实例分配一个从203.0.113.101到203.0.113.250的IP地址。所有实例都使用8.8.4.4作为DNS解析器。</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> openstack subnet create --network provider --allocation-pool start=START_IP_ADDRESS,end=END_IP_ADDRESS --dns-nameserver DNS_RESOLVER --gateway PROVIDER_NETWORK_GATEWAY --subnet-range PROVIDER_NETWORK_CIDR provider</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 根据自己情况填写，基于flat-extnet网络创建flat-subnet子网（在第一章的1.1节能够查看相关信息）</span></span><br><span class="line">openstack subnet create --network flat-extnet --allocation-pool start=192.168.147.128,end=192.168.147.254 --dns-nameserver 114.114.114.114 --gateway 192.168.147.2 --subnet-range 192.168.147.0/24 flat-subnet</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228231216824.png" alt="image-20211228231216824"></p>
<h4 id="7-2、Create-m1-nano-flavor"><a href="#7-2、Create-m1-nano-flavor" class="headerlink" title="7.2、Create m1.nano flavor"></a>7.2、Create m1.nano flavor</h4><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、最小的默认flavor每个实例消耗512MB内存。对于计算节点内存小于4gb的环境，我们建议创建每个实例只需要64mb内存的m1.nano。仅在CirrOS镜像中使用这种flavor用于测试目的。</span></span><br><span class="line">openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、生成一个密钥对</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 大多数云镜像支持公共密钥认证/密码认证，而不是传统的密码认证。在启动实例之前，必须向Compute服务添加一个公钥。（或者，您可以跳过ssh-keygen命令，使用现有的公钥。）</span></span><br><span class="line">ssh-keygen -q -N &quot;&quot;</span><br><span class="line">openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、验证配对钥匙的添加:</span></span><br><span class="line">openstack keypair list</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 4、添加安全组规则</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 默认情况下，默认安全组应用于所有实例，并包含拒绝远程访问实例的防火墙规则。对于CirrOS这样的Linux镜像，我们建议至少允许ICMP(ping)和安全shell(SSH)。</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 向默认安全组添加规则:</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 允许ICMP (ping):</span></span><br><span class="line">openstack security group rule create --proto icmp default</span><br><span class="line"><span class="meta">#</span><span class="bash"> 允许安全 shell (SSH)访问:</span></span><br><span class="line">openstack security group rule create --proto tcp --dst-port 22 default</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228234518358.png" alt="image-20211228234518358"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228234641301.png" alt="image-20211228234641301"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228234807924.png" alt="image-20211228234807924"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228235021626.png" alt="image-20211228235021626"></p>
<h4 id="7-3、在provider-network上启动一个实例"><a href="#7-3、在provider-network上启动一个实例" class="headerlink" title="7.3、在provider network上启动一个实例"></a>7.3、在provider network上启动一个实例</h4><p>如果选择网络选项1，则只能在提供者网络上启动实例。<del>如果选择网络选项2，则可以在提供者网络和自助服务网络上启动实例。</del></p>
<p>要启动实例，您至少必须指定flavor, image name, network, security group, key, and instance name.</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 解决访问地址虚拟控制台并未能起来的bug</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 先查看服务器支持的虚拟化类型（如果没有安装libvirt，则需要安装yum -y install libvirt）</span></span><br><span class="line">virsh capabilities  # 此命令在计算节点执行，查看&lt;machine maxCpus=&#x27;240&#x27;&gt;pc-i440fx-rhel7.2.0&lt;/machine&gt;</span><br><span class="line"><span class="meta">#</span><span class="bash"> 配置/etc/nova/nova.conf</span></span><br><span class="line">vim /etc/nova/nova.conf  # 此配置在计算节点修改</span><br><span class="line">[libvirt]</span><br><span class="line">hw_machine_type = x86_64=pc-i440fx-rhel7.2.0 # 更改虚拟化类型</span><br><span class="line">cpu_mode = host-passthrough  # 直接使用宿主机的cpu</span><br><span class="line"><span class="meta">#</span><span class="bash"> 重启nova服务</span></span><br><span class="line">systemctl restart openstack-nova-*   # 计算节点执行</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 1、在控制器节点上，获取演示凭据以访问只有用户使用的 CLI 命令:</span></span><br><span class="line">source admin-openrc.sh</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、flavor指定虚拟资源分配配置文件，其中包括处理器、内存和存储。</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 列出可供选择的flavors:（可以通过ID引用flavor）</span></span><br><span class="line">openstack flavor list</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、列出可用镜像Images</span></span><br><span class="line">openstack image list</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 4、列出可用网络networks</span></span><br><span class="line">openstack network list</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 5、列出可用的安全组security groups:</span></span><br><span class="line">openstack security group list</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 6、以上条件都设置了，可以启动实例</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 将PROVIDER_NET_ID替换为提供商提供商网络的ID。</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 如果选择了选项1，并且您的环境只包含一个网络，则可以省略 -- nic 选项，因为 OpenStack 会自动选择唯一可用的网络。</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> openstack server create --flavor m1.nano --image cirros --nic net-id=PROVIDER_NET_ID --security-group default --key-name mykey provider-instance</span></span><br><span class="line"></span><br><span class="line">openstack server create --flavor m1.nano --image cirros --nic net-id=78e4aebb-a7dc-4c21-b922-f7e1d9999d51 --security-group default --key-name mykey vm1</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 7、检查实例的状态（当生成过程成功完成时，状态从BUILD更改为ACTIVE。）</span></span><br><span class="line">openstack server list</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228235229548.png" alt="image-20211228235229548"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228235636340.png" alt="image-20211228235636340"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211228235717077.png" alt="image-20211228235717077"></p>
<h4 id="7-4、使用虚拟控制台访问实例"><a href="#7-4、使用虚拟控制台访问实例" class="headerlink" title="7.4、使用虚拟控制台访问实例"></a>7.4、使用虚拟控制台访问实例</h4><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 无特殊说明则是在控制节点</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 1、获取您的实例的虚拟网络计算(VNC:Virtual Network Computing)会话URL，并通过web浏览器访问它:</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 如果您的web浏览器运行在一个无法解析控制器主机名的主机上，您可以用您的控制器节点上的管理接口的IP地址替换控制器。</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> CirrOS镜像包括常规的用户名/密码身份验证，并在登录提示符处提供这些凭据。登录到CirrOS 后，我们建议您使用ping验证网络连接性。</span></span><br><span class="line">openstack console url show vm1</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、验证对提供者物理网络网关的访问:</span></span><br><span class="line">ping -c 4 192.168.147.2</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、核实互联网的接入</span></span><br><span class="line">ping -c 4 www.baidu.com</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211229004353260.png" alt="image-20211229004353260"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211229004913215.png" alt="image-20211229004913215"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211229005405699.png" alt="image-20211229005405699"></p>
<h4 id="7-5、远程访问实例"><a href="#7-5、远程访问实例" class="headerlink" title="7.5、远程访问实例"></a>7.5、远程访问实例</h4><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、验证从控制节点或提供者物理网络上的任何主机到实例的连接:</span></span><br><span class="line">ping -c 4 192.168.147.236</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、从控制节点或提供者物理网络上的任何主机使用SSH访问您的实例:</span></span><br><span class="line">ssh cirros@192.168.147.236</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211229005749298.png" alt="image-20211229005749298"></p>
<h3 id="八、Dashboard"><a href="#八、Dashboard" class="headerlink" title="八、Dashboard"></a>八、Dashboard</h3><p>本节描述如何在控制器节点上安装和配置仪表板。</p>
<p>仪表板所需的唯一核心服务是Identity服务。您可以将仪表板与其他服务(如图像服务、计算和网络)结合使用。您还可以在具有独立服务(如对象存储)的环境中使用仪表板。</p>
<h4 id="8-1、安装配置（控制节点）"><a href="#8-1、安装配置（控制节点）" class="headerlink" title="8.1、安装配置（控制节点）"></a>8.1、安装配置（控制节点）</h4><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#</span><span class="bash"> 1、安装软件包</span></span><br><span class="line">yum install openstack-dashboard -y</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2、编辑/etc/openstack-dashboard/local_settings文件并完成以下操作:</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.1、在控制器节点上配置仪表板以使用OpenStack服务</span></span><br><span class="line">vim /etc/openstack-dashboard/local_settings</span><br><span class="line">OPENSTACK_HOST = &quot;controller&quot;</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.2、允许主机访问仪表板（ [<span class="string">&#x27;*&#x27;</span>] 接受所有主机）</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> ALLOWED_HOSTS = [<span class="string">&#x27;one.example.com&#x27;</span>, <span class="string">&#x27;two.example.com&#x27;</span>]</span></span><br><span class="line">ALLOWED_HOSTS = [&#x27;*&#x27;]</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.3、配置memcached会话存储服务（注释掉任何其他会话存储配置。）</span></span><br><span class="line">SESSION_ENGINE = &#x27;django.contrib.sessions.backends.cache&#x27;</span><br><span class="line"></span><br><span class="line">CACHES = &#123;</span><br><span class="line">    &#x27;default&#x27;: &#123;</span><br><span class="line">         &#x27;BACKEND&#x27;: &#x27;django.core.cache.backends.memcached.MemcachedCache&#x27;,</span><br><span class="line">         &#x27;LOCATION&#x27;: &#x27;controller:11211&#x27;,</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.4、启用Identity API版本3</span></span><br><span class="line">OPENSTACK_KEYSTONE_URL = &quot;http://%s:5000/v3&quot; % OPENSTACK_HOST</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.5、支持域名</span></span><br><span class="line">OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.6、配置API版本</span></span><br><span class="line">OPENSTACK_API_VERSIONS = &#123;</span><br><span class="line">    &quot;identity&quot;: 3,</span><br><span class="line">    &quot;image&quot;: 2,</span><br><span class="line">    &quot;volume&quot;: 3,</span><br><span class="line">&#125;</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.7、将Default配置为您通过仪表板创建的用户的默认域</span></span><br><span class="line">OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = &quot;Default&quot;</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.8、将user配置为您通过仪表板创建的用户的默认角色</span></span><br><span class="line">OPENSTACK_KEYSTONE_DEFAULT_ROLE = &quot;user&quot;</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.9、如果您选择网络选项1，禁用对第三层网络服务的支持</span></span><br><span class="line">OPENSTACK_NEUTRON_NETWORK = &#123;</span><br><span class="line">    &#x27;enable_router&#x27;: False,</span><br><span class="line">    &#x27;enable_quotas&#x27;: False,</span><br><span class="line">    &#x27;enable_distributed_router&#x27;: False,</span><br><span class="line">    &#x27;enable_ha_router&#x27;: False,</span><br><span class="line">    &#x27;enable_lb&#x27;: False,</span><br><span class="line">    &#x27;enable_firewall&#x27;: False,</span><br><span class="line">    &#x27;enable_vpn&#x27;: False,</span><br><span class="line">    &#x27;enable_fip_topology_check&#x27;: False,</span><br><span class="line">&#125;</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.10、可选地，配置时区</span></span><br><span class="line">TIME_ZONE = &quot;Asia/Shanghai&quot;</span><br><span class="line"><span class="meta">#</span><span class="bash"> 2.11、在/etc/httpd/conf.d/openstack-dashboard.conf文件中添加如下内容（如果没有包含）</span></span><br><span class="line">vim /etc/httpd/conf.d/openstack-dashboard.conf</span><br><span class="line">WSGIApplicationGroup %&#123;GLOBAL&#125;</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 3、安装完成</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 重新启动web服务器和会话存储服务</span></span><br><span class="line">systemctl restart httpd.service memcached.service</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> bug解决</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 此时访问http://192.168.147.8/dashboard/，报Not Found：The requested URL /auth/login/ was not found on this server.</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 编辑/etc/openstack-dashboard/local_settings，添加入下参数</span></span><br><span class="line">vim /etc/openstack-dashboard/local_settings</span><br><span class="line">WEBROOT = &#x27;/dashboard&#x27;</span><br><span class="line"><span class="meta">#</span><span class="bash"> 再次重启http，之后再访问http://192.168.147.8/dashboard/，域：default，用户名密码都是admin</span></span><br><span class="line">systemctl restart httpd.service</span><br><span class="line"><span class="meta"></span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 解决打不开虚拟机控制台问题。</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 原因是打开虚拟机控制台的访问地址是controller，本地hosts没有解析，需要子啊hosts文件中添加解析</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 解析内容为：192.168.147.8 controller</span></span><br><span class="line"><span class="meta">#</span><span class="bash"> 或者在计算节点修改配置 vi /etc/nova/nova.conf，中的[vnc]部分的novncproxy_base_url参数值中的controller为192.168.147.8</span></span><br><span class="line">[vnc]</span><br><span class="line">novncproxy_base_url = http://192.168.147.8:6080/vnc_auto.html</span><br><span class="line"><span class="meta">#</span><span class="bash"> 修改完成后重启</span></span><br><span class="line">systemctl restart openstack-nova-compute.service</span><br></pre></td></tr></table></figure>

<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211229224627614.png" alt="image-20211229224627614"></p>
<p><img src="/2021/12/31/openstack%E5%AE%9E%E6%88%98/image-20211229231834291.png" alt="image-20211229231834291"></p>
<h3 id="官方文档："><a href="#官方文档：" class="headerlink" title="官方文档："></a>官方文档：</h3><p><a target="_blank" rel="noopener" href="https://docs.openstack.org/install-guide/">https://docs.openstack.org/install-guide/</a></p>
<p><a target="_blank" rel="noopener" href="https://docs.openstack.org/install-guide/openstack-services.html#minimal-deployment-for-train">https://docs.openstack.org/install-guide/openstack-services.html#minimal-deployment-for-train</a></p>

      
    </div>
    <div class="article-footer">
      <blockquote class="mt-2x">
  <ul class="post-copyright list-unstyled">
    
    <li class="post-copyright-link hidden-xs">
      <strong>本文链接：</strong>
      <a href="https://giscloud.ltd/2021/12/31/openstack%E5%AE%9E%E6%88%98/" title="OpenStack-T版搭建笔记" target="_blank" rel="external">https://giscloud.ltd/2021/12/31/openstack实战/</a>
    </li>
    
    <li class="post-copyright-license">
      <strong>版权声明： </strong> 本博客所有文章除特别声明外，均采用 <a href="http://creativecommons.org/licenses/by/4.0/deed.zh" target="_blank" rel="external">CC BY 4.0 CN协议</a> 许可协议。转载请注明出处！
    </li>
  </ul>
</blockquote>


<div class="panel panel-default panel-badger">
  <div class="panel-body">
    <figure class="media">
      <div class="media-left">
        <a href="https://github.com/geiao223" target="_blank" class="img-burn thumb-sm visible-lg">
          <img src="/images/avatar.jpg" class="img-rounded w-full" alt="">
        </a>
      </div>
      <div class="media-body">
        <h3 class="media-heading"><a href="https://github.com/geiao223" target="_blank"><span class="text-dark">耀</span><small class="ml-1x">GIS Developer</small></a></h3>
        <div>低头一片黑暗，抬头一片光明。</div>
      </div>
    </figure>
  </div>
</div>


    </div>
  </article>
  
    
  <section id="comments">
  	
           
    
  </section>


  
</div>

  <nav class="bar bar-footer clearfix" data-stick-bottom>
  <div class="bar-inner">
  
  <ul class="pager pull-left">
    
    
    <li class="next">
      <a href="/2021/10/15/5-0-x%E7%94%A8%E6%88%B7%E7%95%8C%E9%9D%A2%E5%AE%9A%E5%88%B6/" title="5.0.x用户界面定制"><span>下一篇&nbsp;&nbsp;</span><i class="icon icon-angle-right" aria-hidden="true"></i></a>
    </li>
    
    
    <li class="toggle-toc">
      <a class="toggle-btn collapsed" data-toggle="collapse" href="#collapseToc" aria-expanded="false" title="文章目录" role="button">
        <span>[&nbsp;</span><span>文章目录</span>
        <i class="text-collapsed icon icon-anchor"></i>
        <i class="text-in icon icon-close"></i>
        <span>]</span>
      </a>
    </li>
    
  </ul>
  
  
  <!-- Button trigger modal -->
  <button type="button" class="btn btn-fancy btn-donate pop-onhover bg-gradient-warning" data-toggle="modal" data-target="#donateModal"><span>赏</span></button>
  <!-- <div class="wave-icon wave-icon-danger btn-donate" data-toggle="modal" data-target="#donateModal">
    <div class="wave-circle"><span class="icon"><i class="icon icon-bill"></i></span></div>
  </div> -->
  
  
  <div class="bar-right">
    
    <div class="share-component" data-sites="weibo,qq,wechat" data-mobile-sites="weibo,qq,qzone"></div>
    
  </div>
  </div>
</nav>
  
<!-- Modal -->
<div class="modal modal-center modal-small modal-xs-full fade" id="donateModal" tabindex="-1" role="dialog">
  <div class="modal-dialog" role="document">
    <div class="modal-content donate">
      <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
      <div class="modal-body">
        <div class="donate-box">
          <div class="donate-head">
            <p>感谢您的支持，我会继续努力的!</p>
          </div>
          <div class="tab-content">
            <div role="tabpanel" class="tab-pane fade active in" id="alipay">
              <div class="donate-payimg">
                <img src="/images/donate/alipayimg.png" alt="扫码支持" title="扫一扫" />
              </div>
              <p class="text-muted mv">扫码打赏，你说多少就多少</p>
              <p class="text-grey">打开支付宝扫一扫，即可进行扫码打赏哦</p>
            </div>
            <div role="tabpanel" class="tab-pane fade" id="wechatpay">
              <div class="donate-payimg">
                <img src="/images/donate/wechatpayimg.png" alt="扫码支持" title="扫一扫" />
              </div>
              <p class="text-muted mv">扫码打赏，你说多少就多少</p>
              <p class="text-grey">打开微信扫一扫，即可进行扫码打赏哦</p>
            </div>
          </div>
          <div class="donate-footer">
            <ul class="nav nav-tabs nav-justified" role="tablist">
              <li role="presentation" class="active">
                <a href="#alipay" id="alipay-tab" role="tab" data-toggle="tab" aria-controls="alipay" aria-expanded="true"><i class="icon icon-alipay"></i> 支付宝</a>
              </li>
              <li role="presentation" class="">
                <a href="#wechatpay" role="tab" id="wechatpay-tab" data-toggle="tab" aria-controls="wechatpay" aria-expanded="false"><i class="icon icon-wepay"></i> 微信支付</a>
              </li>
            </ul>
          </div>
        </div>
      </div>
    </div>
  </div>
</div>



</main>

  <footer class="footer" itemscope itemtype="http://schema.org/WPFooter">
	<head>
    <meta charset="utf-8">
    
      
            
        
            
        
            
        
            
              <link rel="stylesheet" href="//at.alicdn.com/t/font_557201_kt8eehtlfzr.css">
            
        
            
        
    
</head>

	
    <ul class="social-links">
    	
            
                <li><a href="https://github.com/geiao223" target="_blank" title="Github" data-toggle=tooltip data-placement=top><i class="icon icon-github"></i></a></li>
            
             
        
            
                <li><a href="https://gitee.com/geiao2" target="_blank" title="Gitee" data-toggle=tooltip data-placement=top><i class="icon icon-gitee"></i></a></li>
            
             
        
            
                <li><a href="https://www.zhihu.com/people/geiao1314/columns" target="_blank" title="Zhihu" data-toggle=tooltip data-placement=top><i class="icon icon-zhihu"></i></a></li>
            
             
        
            
            
                <li><a href="https://space.bilibili.com/315638226" target="_blank" title="Bilibili" data-toggle=tooltip data-placement=top><i class="iconfont icon-bilibili-line"></i></a></li>
             
        
            
                <li><a href="https://mail.google.com/mail/u/0/?fs=1&tf=cm&source=mailto&to=zhaoyao92@qq.com" target="_blank" title="Email" data-toggle=tooltip data-placement=top><i class="icon icon-email"></i></a></li>
            
             
        
    </ul>

    <div class="copyright">
    	
        <!-- <div class="publishby">
        	Theme by <a href="https://github.com/cofess" target="_blank"> cofess </a>base on <a href="https://github.com/cofess/hexo-theme-pure" target="_blank">pure</a>.
        </div> -->
    </div>
</footer>
  <script src="//cdn.jsdelivr.net/npm/jquery@1.12.4/dist/jquery.min.js"></script>
<script>
window.jQuery || document.write('<script src="js/jquery.min.js"><\/script>')
</script>

<script src="/js/plugin.min.js"></script>


<script src="/js/application.js"></script>


    <script>
(function (window) {
    var INSIGHT_CONFIG = {
        TRANSLATION: {
            POSTS: '文章',
            PAGES: '页面',
            CATEGORIES: '分类',
            TAGS: '标签',
            UNTITLED: '(未命名)',
        },
        ROOT_URL: '/',
        CONTENT_URL: '/content.json',
    };
    window.INSIGHT_CONFIG = INSIGHT_CONFIG;
})(window);
</script>

<script src="/js/insight.js"></script>






   




   
    
  <!-- <link rel="stylesheet" href="https://unpkg.com/gitalk/dist/gitalk.css"> -->
  <script src="//cdn.jsdelivr.net/npm/gitalk@1.4.0/dist/gitalk.min.js"></script>
  <script src="//cdn.jsdelivr.net/npm/blueimp-md5@2.10.0/js/md5.min.js"></script>
  <script type="text/javascript">
  var gitalk = new Gitalk({
    clientID: '66af9719abdb92e5034a',
    clientSecret: '3ca9af86aec721cc878a615c07939f8ed2290460',
    repo: 'blog-comments',
    owner: 'geiao223',
    admin: ['geiao223'],
    proxy: 'https://shielded-brushlands-08810.herokuapp.com/https://github.com/login/oauth/access_token',
    id: md5(location.pathname),
    distractionFreeMode: true
  })
  gitalk.render('comments')
  </script>

      



  <script src="//cdn.jsdelivr.net/npm/@fancyapps/fancybox@3.3.5/dist/jquery.fancybox.min.js"></script>
  <script>
  //利用 FancyBox 实现点击图片放大
  $(document).ready(function() {
    $('article img').not('[hidden]').not('.panel-body img').each(function() {
      var $image = $(this);
      var imageCaption = $image.attr('alt');
      var $imageWrapLink = $image.parent('a');
      if ($imageWrapLink.length < 1) {
        var src = this.getAttribute('src');
        var idx = src.lastIndexOf('?');
        if (idx != -1) {
          src = src.substring(0, idx);
        }
        $imageWrapLink = $image.wrap('<a href="' + src + '"></a>').parent('a');
      }
      $imageWrapLink.attr('data-fancybox', 'images');
      if (imageCaption) {
        $imageWrapLink.attr('data-caption', imageCaption);
      }
    });
    $().fancybox({
      selector: '[data-fancybox="images"]',
      hash: false,
      loop: false,
    });
  });
  </script>





<div id="go-top"></div>
<style type="text/css">
#go-top {
 width:40px;height:36px;
 background-color:#777;
 position:relative;
 border-radius:2px;
 position:fixed;right:10px;bottom:60px;
 cursor:pointer;display:none;
}
#go-top:after {
 content:" ";
 position:absolute;left:14px;top:14px;
 border-top:2px solid #fff;border-right:2px solid #fff;
 width:12px;height:12px;
 transform:rotate(-45deg);
}
#go-top:hover {
 background-color:#333;
}
</style>
<script>
$(function () {
  var top=$("#go-top");
  $(window).scroll(function () {
    ($(window).scrollTop() > 300) ? top.show(300) : top.hide(200);
    $("#go-top").click(function () {
      $('body,html').animate({scrollTop:0});
      return false();
    })
  });
});
</script>  
</body>
</html>